Thread started 15 Apr 2013 (Monday) 07:00

Attacks on Wordpress, Joomla, Drupal, & Magento

 
NewCreation
Goldmember
3,216 posts
Gallery: 47 photos
Best ofs: 1
Likes: 616
Joined Jan 2013
Location: Michigan
Apr 15, 2013 07:00 |  #1

Hey All,

I know many of us use Wordpress and similar CMS for our sites. I just received an email from one of my hosting providers that there have been some strong hacking attacks on hosted platforms.

Below is a link to the blog post from them: http://blog.mochahost.​com …ect-our-sites-against-it/ (external link) While I don't use this host for Wordpress, it's probably a good reminder for us all to update our passwords.

HTH.


My name is Brenda ~Saved by grace, walking by faith
http://brendahoffmanph​otography.com (external link)
Facebook (external link)

kcpyro
Member
115 posts
Likes: 1
Joined Nov 2012
Apr 15, 2013 10:00 |  #2

I got a spam email yesterday but that was all I saw.


Canon 5D mkII | 24-70 f/2.8L II | 70-200 f/2.8L | 50mm F/1.4 | 85mm F/1.8
Kansas City Senior Portraits (external link)

Picture North Carolina
Gaaaaa! DOH!! Oops!
9,318 posts
Likes: 248
Joined Apr 2006
Location: North Carolina
Apr 15, 2013 10:15 as a reply to  @ kcpyro's post |  #3

Your thread title is misleading and deceptive. It seems to say there have been attacks on....

However, the article you link to is a generic "use strong passwords / secure your sites" article, and as far as I can see, does not report any recent large attack underway.


Website (external link) |

NewCreation
THREAD STARTER
Goldmember
3,216 posts
Gallery: 47 photos
Best ofs: 1
Likes: 616
Joined Jan 2013
Location: Michigan
Apr 15, 2013 10:24 |  #4

Picture North Carolina wrote in post #15829755 (external link)
Your thread title is misleading and deceptive. It seems to say there have been attacks on....

However, the article you link to is a generic "use strong passwords / secure your sites" article, and as far as I can see, does not report any recent large attack underway.

I do not mean to be misleading. My host did indicate in an email that there were currently "new global brute-force attack on against ALL – WordPress, Joomla, and Drupal sites (possibly other) across the entire web hosting industry." This link is to the text of the email I received from my host: http://us5.campaign-archive2.com …d=3e2d18b82b&e=​7a37714434 (external link) which indicates that there is currently a brute force attack.


My name is Brenda ~Saved by grace, walking by faith
http://brendahoffmanph​otography.com (external link)
Facebook (external link)

whitesell
Senior Member
361 posts
Joined Feb 2009
Location: St. Albert, AB Canada
Apr 15, 2013 12:42 |  #5

There is indeed an attack underway...

many current news stories - here's one:

http://www2.macleans.c​a …t-by-major-hacker-attack/ (external link)

Regards,
Jim


Edmonton portrait photographer (external link)
Google Business Photos Edmonton (external link)
Gear list

Todd Lambert
I don't like titles
12,643 posts
Gallery: 9 photos
Likes: 131
Joined May 2009
Location: On The Roads Across America
Apr 15, 2013 13:19 |  #6

Yup, it's live and being exploited. Be sure to update your version of WordPress and changing your passwords is always a good idea.

Personally, I've yet to see this in actual use on any sites for me or my clients... but it looks like your hosting provider is really the one who is going to help alleviate this. Most of the large providers are already on top of this though. I was notified last week by mine.




scorpio_e
Cream of the Crop
7,402 posts
Gallery: 3 photos
Likes: 264
Joined Aug 2007
Location: Pa
Apr 15, 2013 13:23 |  #7

This is what I received from wordfence:

Dear WordPress Publisher,

If you would like to stop receiving WordPress security alerts and product updates from Wordfence, you can click here. You subscribed to this list via the Wordfence security plugin for WordPress.
I'm sure you've seen the news reports during the last 72+ hours about a "massive" "global" "distributed" brute force attack on WordPress systems.

Brute force attacks are ongoing, and this is simply an increase in frequency. To protect yourself, make sure all default accounts like "admin" have been deleted or renamed and that your passwords are very difficult to guess. A brute-force attack is a relatively unsophisticated attack where one or more remote machines try to guess your password.

The more successful attacks are attacks where a back-door known only to a hacker (a zero day vulnerability) is exploited to gain access to your system without logging in. The Timthumb vulnerability which I discovered and fixed last year is an example of this. I haven't seen any reports of a new "zero day" vulnerability being exploited in this attack.

The nature of the attack does suggest that a large portion of the brute force attacks currently underway may be originating from an individual or a single group. If successful this will result in a single individual or group having access to a large distributed network of compromised WordPress servers on relatively high bandwidth links. They can then launch further attacks from this platform. However, whether the attacks are being orchestrated by one person or one group should not affect how you protect yourself.

In this case:

1. Make sure your "admin" account has been renamed.

2. Make sure all your passwords are difficult to guess.

3. Make sure you've disabled and deleted all unused themes and plugins.

Don't be alarmed if you see an increased flow of login attempts on your Wordfence live traffic screen (The Logins and Logouts panel). As long as your passwords are hard to guess and you've removed the "admin" account, you'll most likely be just fine. If you're bored, you can manually block each malicious IP address using Wordfence, or even block the originating Networks. But I'm not doing this on my personal sites because I have strong passwords and no admin account.


www.steelcityphotograp​hy.com (external link)

digitalretouch
Mostly Lurking
15 posts
Joined Nov 2012
Apr 15, 2013 13:59 |  #8

Another good thing to do (I had a neglected site totally attacked and erased by my hosting provider - all unbeknownst to me) is to install a WP Update Notifier plugin. So that you don't have some old version of Wordpress, full of holes, waiting to be exploited. That way, if you aren't visiting your admin site every day, you will still be emailed that Wordpress has an update.


San Fernando Valley Photographer Pat Harris
Website (external link)
Favorite gear: Canon 60D, Sigma 30mm f1.4

Kronie
Goldmember
2,183 posts
Likes: 7
Joined Jun 2008
Apr 15, 2013 14:23 |  #9

I just love these internet attacks that no one really notices. It's like our color coding system from after 911.

Would this be an orange or a yellow?




Luckless
Goldmember
3,064 posts
Likes: 189
Joined Mar 2012
Location: PEI, Canada
Apr 15, 2013 15:11 |  #10

Kronie wrote in post #15830732 (external link)
I just love these internet attacks that no one really notices. It's like our color coding system from after 911.

Would this be an orange or a yellow?

There are a massive amount of attacks that are dangerous but barely noticed. If given access to Thousands of sites with a reasonable crowd draw of a few hundred to a few thousand users daily, then that puts a hacker in a position to do a lot more damage down the road.

There are a few main types that would make an attack like this:
1. Simple 'cause we can' types. Their goal is to gain access, explore, and generally be geeks. Mostly harmless, often helpful.
2. The 'trolls and for the lulz' types, who would want access to such systems to compromise them and cause general havoc.
3. The "strategic stepping stones". The goal for such a simple low level attack is the basis of a larger attack. Setting up a foundation from which to do more damage. Given enough compromised servers under their control, they can quietly set things up to gather more resources, create infection points for another attack where users visiting the site pick something up, actively attacking using the processing and network power provided by the stolen server, etc.


Canon EOS 7D | EF 28 f/1.8 | EF 85 f/1.8 | EF 70-200 f/4L | EF-S 17-55 | Sigma 150-500
Flickr: Real-Luckless (external link)

Kronie
Goldmember
2,183 posts
Likes: 7
Joined Jun 2008
Apr 15, 2013 15:31 |  #11

Right, but it's just being sensationalized across the media just like everything else. I realize that we are in an age where everything is connected and there is a risk of attack, but is an attack imminent on my websites? Highly unlikely. It's just more scare tactic reporting.....




whitesell
Senior Member
361 posts
Joined Feb 2009
Location: St. Albert, AB Canada
Apr 16, 2013 07:52 |  #12

Kronie wrote in post #15831042 (external link)
Right, but it's just being sensationalized across the media just like everything else. I realize that we are in an age where everything is connected and there is a risk of attack, but is an attack imminent on my websites? Highly unlikely. It's just more scare tactic reporting.....

Hi Kronie, Sensationalized?? Perhaps that's your opinion, but I see this as a very real threat. I have several Wordpress sites and spent much of one day recently strengthening them. One of the vulnerabilities of stock Wordpress sites is that the admin login page is always at the same location, which gives an attacker a point to start a brute force password attack.

One of the items that is done when you run the 'Better WP Security' plugin is to move the login page to something other than the default location. Another item is to lock out an IP address that continually tries to access the old (default) login location. Since doing this, I now see that ALL my sites have been probed. I get emails alerting me to this activity that look like this:

A host, 5.9.112.179(you can check the host at http://ip-adress.com/ip_tracer/5​.9.112.179 (external link)) has been locked out of the WordPress site at http://www.WEBSITENAME​REMOVED.com (external link) until Monday, April 15th, 2013 at 9:54:51 pm UTC due to too many attempts to open a file that does not exist. You may login to the site to manually release the lock if necessary.

Further checks of the logs show active attempts at breaking in.

If my little sites here in nowhere, Canada are being attacked, you can bet others are as well. You ask, "...is an attack imminent on my websites?"

YES.

If you use wordpress, you won't know unless you check your server logs. Has your site been probed? Has someone tried to get in without permission? YES. I'd put money on it.

The 'Better WP Security' plugin is free and doesn't take long to go through and configure. If you don't use it or something similar you'll likely never know when attempts to login have occurred. If you care, my suggestion is to take a few minutes and better protect yourself.

Regards,
Jim


Edmonton portrait photographer (external link)
Google Business Photos Edmonton (external link)
Gear list
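The lockout rule Jim describes above (an address that keeps hitting the default login location gets locked out, as in the alert email), as an added example that is not from the thread or the Better WP Security plugin: a sliding-window check in Python over constructed web-server log lines. The endpoint list, the threshold of five hits in five minutes and the one-hour lock duration are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Combined log format as written by Apache/nginx (the sample below is constructed).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \d+'
)
# Default WordPress login endpoints (assumed list); these are what the rule watches.
LOGIN_PATHS = ("/wp-login.php", "/xmlrpc.php")

def parse_line(line):
    """Return (ip, timestamp, method, path, status) or None if the line does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    return m.group("ip"), ts, m.group("method"), m.group("path"), int(m.group("status"))

def find_lockouts(lines, threshold=5, window=timedelta(minutes=5), lock_for=timedelta(hours=1)):
    """An IP that hits a login endpoint `threshold` times within `window` is locked out.
    The status code is deliberately ignored: once the login page has been moved, the
    same probes show up as 404s on the old path and should still count.
    Returns {ip: lockout_expiry}."""
    recent = defaultdict(deque)
    lockouts = {}
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        ip, ts, _method, path, _status = rec
        if path.split("?")[0] not in LOGIN_PATHS or ip in lockouts:
            continue
        hits = recent[ip]
        hits.append(ts)
        while hits and ts - hits[0] > window:   # drop hits that fell out of the window
            hits.popleft()
        if len(hits) >= threshold:
            lockouts[ip] = ts + lock_for
    return lockouts

# Constructed sample: one address guessing passwords, one legitimate visitor who logs in once.
SAMPLE_LOG = """\
203.0.113.7 - - [15/Apr/2013:21:50:01 +0000] "POST /wp-login.php HTTP/1.1" 200 3551
198.51.100.4 - - [15/Apr/2013:21:50:05 +0000] "GET /2013/04/gallery/ HTTP/1.1" 200 18240
203.0.113.7 - - [15/Apr/2013:21:50:09 +0000] "POST /wp-login.php HTTP/1.1" 200 3551
203.0.113.7 - - [15/Apr/2013:21:50:17 +0000] "POST /wp-login.php HTTP/1.1" 200 3551
198.51.100.4 - - [15/Apr/2013:21:51:30 +0000] "POST /wp-login.php HTTP/1.1" 302 0
203.0.113.7 - - [15/Apr/2013:21:52:40 +0000] "POST /wp-login.php HTTP/1.1" 200 3551
203.0.113.7 - - [15/Apr/2013:21:54:51 +0000] "POST /wp-login.php HTTP/1.1" 200 3551
""".splitlines()

def lockouts_from_sample():
    return find_lockouts(SAMPLE_LOG)

if __name__ == "__main__":
    for ip, until in lockouts_from_sample().items():
        print(f"{ip} locked out until {until.isoformat()}")
```

Run against a real access log the same loop applies unchanged, but the threshold should be tuned so that a single user mistyping a password is not locked out alongside the guessers.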

joedlh
Cream of the Crop
5,511 posts
Gallery: 52 photos
Likes: 684
Joined Dec 2007
Location: Long Island, NY, N. America, Sol III, Orion Spur, Milky Way, Local Group, Virgo Cluster, Laniakea.
Apr 16, 2013 08:14 as a reply to  @ whitesell's post |  #13

I check my logs regularly. There are always probes trying to hit weak spots. The number of hits actually outnumbers valid visitors. It's not just Wordpress. Another frequent target is PHPAdmin, which is a mySQL web app. Organized crime smells blood in the waters of the internet and are in a food frenzy. The authorities are putting their efforts toward stopping script kiddies and hackers who are embarrassing them instead of going after the guys who are trying to steal our money. Some governments look the other way because it's bringing stolen revenue into their economies. You have to take care of yourself.


Joe
Gear: Kodak Instamatic, Polaroid Swinger. Oh you meant gear now. :rolleyes:
http://photo.joedlh.ne​t (external link)
Editing ok

Kronie
Goldmember
2,183 posts
Likes: 7
Joined Jun 2008
Apr 16, 2013 08:34 |  #14

whitesell wrote in post #15833305 (external link)
The 'Better WP Security' plugin is free and doesn't take long to go through and configure. If you don't use it or something similar you'll likely never know when attempts to login have occurred. If you care, my suggestion is to take a few minutes and better protect yourself.

Regards,
Jim

Honestly I have other stuff to worry about than my site being probed and someone trying to hack into my site. I care about successful logins not unsuccessful ones. Probe away....I have had wordpress sites up for years and have never been hacked. Of course now I probably will....

This is exactly what I am talking about. Now there is a plugin and you can be alerted constantly for unauthorized login attempts. Talk about living in fear....Do you really need to know this information that you can do nothing about except worry? Maybe spend more time out shooting and less time worrying about who is trying to log into your site.




Kronie
Goldmember
2,183 posts
Likes: 7
Joined Jun 2008
Apr 16, 2013 08:36 |  #15

That being said I think that moving the login location off the WP URL is a great idea.




2,809 views & 0 likes for this thread, 13 members have posted to it.