Old 11-25-2018, 07:55 PM   #1
HairyChick
Slowly dying
 
Join Date: Sep 2012
Location: Padanaram
Posts: 3,091
.htaccess Blocking

I’m inundated with emails of failed login attempts for one site. The site is not developed other than a WordPress install. Two thousand emails in a week.

I’m about to change login.php to nologin or something similar. I’ll redirect 404 somewhere else, not sure where.

My question is blocking the address at the server level. All are from *.*.secureserver.net. Considering about forty unique IPs so far have tried, I’d say they’re UNsecureserver.

Rather than each IP, isn’t a block of *.*.secureserver.net better? IPs are all over the place from 43.*.*.* to 248.*.*.*. Attempts from all over the world, from Turkey to Russia to Ecuador. I asked my host to do the domain ban and they are doing IP. I know blocking all users from there is rash but until I launch the site, there’s no reason to leave the door open.

Other hosts with unsecured boxes run from dreamhost, bluehost, amazonaws, Europe hosts and one host with private servers like Michael-Wilson.dreamhost.com.

The sheer amount in 2018 shocks me. I thought hosts knew how to secure boxes by now. The logs must be huge yet no one notices a spike in traffic?
Old 11-25-2018, 08:08 PM   #2
JesseQuinn
feeding the wolves
 
Join Date: Aug 2012
Location: between sand and stars in Jamaica
Posts: 6,263
Quote:
Originally Posted by PamWinterReturns View Post
I’m inundated with emails of failed login attempts...

...Rather than each IP, isn’t a block of *.*.secureserver.net better?
as you mentioned wp I'm assuming you're using wordfence? wp is a popular system so there are lots of people out there trying to hack that cms. If you are using wordfence turn off the 'failed login' option for email alerts

as to the blocking question in your post, if you're using wf you would use the wildcard option to block.

so *secureserver.net or *secureserver

beyond that, for real don't sweat hack attempts. with a decent VPN you can handle the stuff you don't block, so go make money instead of stressing over stats
Old 11-25-2018, 08:59 PM   #3
sarettah
see you later, I'm gone
 
Join Date: Oct 2002
Posts: 14,072
I am thinking that you are probably interpreting something improperly.

secureserver.net is GoDaddy's mail server for its customers. You should not be seeing anything hitting your site from there.

But I don't know where you are seeing it so I can't help you any further plus I think you have me blocked so you probably won't even see this.

.
Old 11-25-2018, 09:36 PM   #4
AdultKing
Raise Your Weapon
 
Join Date: Jun 2003
Location: Outback Australia
Posts: 15,601
Automated brute force attacks are nothing new, why do they bother you? Put the site behind Cloudflare, add some extra layer of security to your WP install and if you're using the host in your sig, that cardboard cutout toy host then go somewhere better that may have some control over their servers.

1. Run up to date software on your host.
2. Use strong passwords.
3. Explore adding extra security to your CMS/Script installation.
4. Use Cloudflare, it will make your site faster and help secure it.
5. Don't use dubious pretend hosts (often their clients are better targets for automated attacks).

Probably a good time to learn about how the Internet works while you're at it.
Old 11-25-2018, 10:52 PM   #5
freecartoonporn
Confirmed User
 
Join Date: Jan 2012
Location: NC
Posts: 7,683
people are trying to login to your wordpress to hack it.

here are steps you can take

1) rename login.php to any other non existent page
2) block access to login.php page. chmod 0 login.php or any other way in htaccess.
3) add captcha for login page.

i would go with add captcha.
Old 11-26-2018, 01:21 AM   #6
Paul&John
Confirmed User
 
Join Date: Aug 2005
Location: YUROP
Posts: 8,601
I've a htpassword set for the wp-admin folder.. seems to do the trick since 2008
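The two server-level controls raised so far in this thread, the domain-wide block asked about in the first post and the htpasswd prompt from the post above, written as a site-root .htaccess for Apache 2.4. This is an added example, not code posted by any participant; the AuthUserFile path and the 203.0.113.0/24 range are placeholders.

```apache
# Site-root .htaccess, Apache 2.4 (mod_authz_core, mod_authz_host, mod_auth_basic).
# Requires "AllowOverride AuthConfig" (or All) for this directory.
# wp-login.php lives in the WordPress root, so a password on the wp-admin
# folder alone does not put a prompt in front of the login form.

<Files "wp-login.php">
    AuthType Basic
    AuthName "Restricted"
    # Placeholder path: keep the password file outside the web root.
    AuthUserFile /path/outside/webroot/.htpasswd

    <RequireAll>
        # Second credential that bots must pass before WordPress ever runs.
        Require valid-user

        # Domain-level block: matches clients whose reverse DNS name is, or
        # ends in, secureserver.net. Apache does a reverse lookup and then a
        # confirming forward lookup for every request that reaches this rule,
        # so scoping it to this one file keeps the DNS cost off normal pages.
        # Clients with no PTR record, or whose forward lookup does not match,
        # are NOT caught by a host rule.
        Require not host secureserver.net

        # Per-IP/CIDR form (what the host in the first post applied).
        # No DNS lookup, but the list has to be maintained by hand.
        # 203.0.113.0/24 is a documentation range used as a placeholder.
        Require not ip 203.0.113.0/24
    </RequireAll>
</Files>
```

The password file is created with Apache's `htpasswd` utility; once the prompt is in place, failed guesses stop at Apache and never reach the WordPress login handler.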
Old 11-26-2018, 02:24 AM   #7
JuicyBunny
So Fucking Banned
 
Join Date: Jun 2010
Location: Tokyo Red Light District
Posts: 2,145
Loginizer is also helpful. Lightweight but performs like Wordfence.
Old 11-26-2018, 09:37 AM   #8
tfto
GFY and your feelings.
 
Join Date: Sep 2001
Location: On the farm.
Posts: 2,120
Block all the countries/IP ranges, whose traffic is useless. China. Russia. All of Africa. Brazil. Most of Asia. That's where I've seen where most of the bots come from. All that traffic is totally useless and they are fishing for files to exploit.
Old 11-26-2018, 03:26 PM   #9
HomerSimpson
Too lazy to set a custom title
 
Join Date: Sep 2005
Location: Springfield
Posts: 13,826
Any of these two will work fine:

1. Add reCAPTCHA to the login
https://wordpress.org/plugins/login-recaptcha/

2. Make WordPress.com account, install JetPack, enable JetPack access, disable login with user/password...
Old 11-26-2018, 08:36 PM   #10
HairyChick
Slowly dying
 
Join Date: Sep 2012
Location: Padanaram
Posts: 3,091
I mentioned renaming the login page. Captcha is a great idea, thanks. I didn’t see several posts but they probably list what others said.

GoDaddy really needs to learn how to secure their accounts. Bluehost and dreamhost do as well.

The bots use mostly foreign IPs and China hasn’t been used yet. A lot of private server accounts and a lot of numeric hosts. Hate to block a whole class of IP as often it blocks too much.

Eventually I’ll make a list of open accounts. I’d estimate I’ve seen more than a thousand accounts that are compromised.

My first experience with this was 1994. My host called to say they’d shut off my paysite due to extreme traffic. DOS wasn’t popular then but bots trying to hack were. My host was small so a surge would cause other customers to lag. Solution was to pull me down. I changed hosts fast. They taught me about .htaccess and how blocking worked. One guy wrote me a script that redirects the bad login to Netscape and wrote to .htaccess. I wish I had that script again.

These bots are trying to hack but the site isn’t built. A trojan could be left on the box and that was a huge deal in the 90’s. Every visitor was allowed to say YES to the pop up and install “free pictures” but it was a trojan that logged keyboard clicks or deleted most of Windows.

Ah, the good old days. Creative minds wasted on viruses. I researched and talked to packet kiddies to learn. I didn’t want to cause issues, just wanted to learn how and why. I’m always curious about how they get access. 2018 and it still goes on.
Old 11-26-2018, 08:43 PM   #11
HairyChick
Slowly dying
 
Join Date: Sep 2012
Location: Padanaram
Posts: 3,091
Quote:
Originally Posted by tfto View Post
Block all the countries/IP ranges, whose traffic is useless. China. Russia. All of Africa. Brazil. Most of Asia. That's where I've seen where most of the bots come from. All that traffic is totally useless and they are fishing for files to exploit.
The majority are USA connections. I’m always leery of blocking too many IPs or countries as it can lag the server at times. Checking each IP as they land with fifty bots landing at once can drag down too much. At least it was that way ten years ago before I left.

They’re fishing but for WordPress I use as few plugins as possible. The newer ones I ignore for a while but even tried and tested old ones can be compromised. I only have a basic install and will change the login page right now.