.htaccess Blocking

Collapse
X
 
  • Time
  • Show
Clear All
new posts
  • HairyChick
    Slowly dying
    • Sep 2012
    • 3091

    #1

    .htaccess Blocking

    I’m inundated with emails of failed login attempts for one site. The site is not developed other than a Wordpress install. Two thousand emails in a week.

    I’m about to change login.php to nologin or something similar. I’ll redirect 404 somewhere else, not sure where.

    My question is blocking the address at the server level. All are from *.*.secureserver.net. Considering about forty unique IPs so far have tried, I’d say they’re UNsecureserver.

    Rather than each IP, isn’t a block of *.*.secureserver.net better? IPs are all over the place from 43.*.*.* to 248.*.*.*. Attempts from all over the worl, from Turkey to Russia to Ecuador. I asked my host to do the domain ban and they are doing IP. I know blocking all users from there is rash but until I launch the site, there’s no reason to leave the door open.

    Other hosts with unsecured boxes run from dreamhost, bluehost, anazonaws, Europe hosts and one host with private servers like Michael-Wilson.dreamhost.com

    The sheer amount in 2018 shocks me. I thought hosts knew how to secure boxes by now. The logs must be huge yet no one notices a spike in traffic?
    *****************************************
    Anti-Semites have Small Penis Syndrome. The only known treatment is electroshock therapy combined with cerebellum removal. Fortunately, it’s a tiny procedure.
    *****************************************
  • JesseQuinn
    feeding the wolves
    • Aug 2012
    • 6622

    #2
    Originally posted by PamWinterReturns
    I’m inundated with emails of failed login attempts...

    ...Rather than each IP, isn’t a block of *.*.secureserver.net better?
    as you mentioned wp I'm assuming you're using wordfence? wp is a popular system so there are lots of people out there trying to hack that cms. If you are using wordfence turn off the 'failed login' option for email alerts

    as to the blocking question in your post, if you're using wf you would use the wildcard option to block.

    so *secureserver.net or *secureserver

    beyond that, for real don't sweat hack attempts. with a decent VPN you can handle the stuff you don't block, so go make money instead of stressing over stats
    throwing molotav cocktails at the precinct

    Comment

    • sarettah
      see you later, I'm gone
      • Oct 2002
      • 14297

      #3
      I am thinking that you are probably interpreting something improperly.

      secureserver.net is godaddy's mail server for it's customers. You should not be seeing anything hitting your site from there.

      But I don't know where you are seeing it so I can't help you any further plus I think you have me blocked so you probably won't even see this.

      .
      All cookies cleared!

      Comment

      • AdultKing
        Raise Your Weapon
        • Jun 2003
        • 15601

        #4
        Automated brute force attacks are nothing new, why do they bother you? Put the site behind Cloudflare, add some extra layer of security to your WP install and if you're using the host in your sig, that cardboard cutout toy host then go somewhere better that may have some control over their servers.

        1. Run up to date software on your host.
        2. Use strong passwords.
        3. Explore adding extra security to your CMS/Script installation.
        4. Use Cloudflare, it will make your site faster and help secure it.
        5. Don't use dubious pretend hosts (often their clients are better targets for automated attacks).

        Probably a good time to learn about how the Internet works while you're at it.

        Comment

        • freecartoonporn
          Confirmed User
          • Jan 2012
          • 7683

          #5
          people are trying to login to your wordpress to hack it.

          here are steps you can take

          1) rename login.php to any other non existent page
          2) block access to login.php page. chmod 0 login.php or any other way in htacess.
          3) add captcha for login page.

          i would go with add captcha .
          SSD Cloud Server, VPS Server, Simple Cloud Hosting | DigitalOcean

          Comment

          • Paul&John
            Confirmed User
            • Aug 2005
            • 8643

            #6
            I've a htpassword set for the wp-admin folder.. seems to do the trick since 2008
            Use coupon 'pauljohn' for a $1 discount at already super cheap NameSilo!
            Anal Webcams | Kinky Trans Cams Live | Hotwife XXX Tube | Get your Proxies here

            Comment

            • JuicyBunny
              So Fucking Banned
              • Jun 2010
              • 2145

              #7
              Loginizer is also helpful. Light weight but performs like wordfence.

              Comment

              • tfto
                GFY and your feelings.
                • Sep 2001
                • 2121

                #8
                Block all the countries/IP ranges, whose traffic is useless. China. Russia. All of Africa. Brazil. Most of Asia. That's where I've seen where most of the bots come from. All that traffic is totally useless and they are fishing for files to exploite.

                Comment

                • HomerSimpson
                  Too lazy to set a custom title
                  • Sep 2005
                  • 13826

                  #9
                  Any of these two will work fine:

                  1. Add reCAPTHA to the login
                  https://wordpress.org/plugins/login-recaptcha/

                  2. Make Wordpress.com account, install JetPack, enable JetPack access, disable login with user/password...
                  Make a bank with Chaturbate - the best selling webcam program
                  Ads that can't be block with AdBlockers !!! /// Best paying popup program (Bitcoin payouts) !!!

                  PHP, MySql, Smarty, CodeIgniter, Laravel, WordPress, NATS... fixing stuff, server migrations & optimizations... My ICQ: 27429884 | Email:

                  Comment

                  • HairyChick
                    Slowly dying
                    • Sep 2012
                    • 3091

                    #10
                    I mentioned renaming the login page. Captcha is a great idea, thanks. I didn’t see several posts but they probably list what others said.

                    GoDaddy really needs to learn how to secure their accounts. Bluehost and dreamhost do as well.

                    The bots use mostly foreign IPs and China hasn’t been used yet. A lot of private server accounts and a lot of numeric hosts. Hate to block a whole class of IP as often it blocks too much.

                    Eventually I’ll make a list of open accounts. I’d estimate I’ve seen more than a thousand accounts that are compromised.

                    My first experience with this was 1994. My host called to say they’d shut off my paysite due to extreme traffic. DOS wasn’t popular then but bots trying to hack were. My host was small so a surge would cause other customers to lag. Solution was to pull me down. I changed hosts fast. They taught me about .htaccess
                    and how blocking worked. One guy wrote me a script that redirects the bad login to Netscape and wrote to .htaccess. I wish I had that script again.

                    These bots are trying to hack but the site isn’t built. A trojan could be left on the box and that was a huge deal in the 90’s. Every visitor was allowed to say YES to the pop up and install “free pictures” but it was a trojan that logged keyboard clicks or deleted most of Windows.

                    Ah, the good old days. Creative minds wasted on viruses. I researched and talked to packet kiddies to learn. I didn’t want to cause issues, just wanted to learn how and why. I’m always curious about how they get access. 2018 and it still goes on.
                    *****************************************
                    Anti-Semites have Small Penis Syndrome. The only known treatment is electroshock therapy combined with cerebellum removal. Fortunately, it’s a tiny procedure.
                    *****************************************

                    Comment

                    • HairyChick
                      Slowly dying
                      • Sep 2012
                      • 3091

                      #11
                      Originally posted by tfto
                      Block all the countries/IP ranges, whose traffic is useless. China. Russia. All of Africa. Brazil. Most of Asia. That's where I've seen where most of the bots come from. All that traffic is totally useless and they are fishing for files to exploite.
                      The majority are USA connections. I’m always leery of blocking too many IPs or countries as it can lag the server at times. Checking each IP as they land with fifty bots landing at once can drag down too much. At least it was that way ten years ago before I left.

                      They’re fishing but for Wordpress I use as few plugins as possible. The newer ones i ignore for a while but even tried and tested old ones can be compromised. I only have a basic install and will change the login page right now.
                      *****************************************
                      Anti-Semites have Small Penis Syndrome. The only known treatment is electroshock therapy combined with cerebellum removal. Fortunately, it’s a tiny procedure.
                      *****************************************

                      Comment

                      Working...