MicrostockGroup
Microstock Photography Forum - General => Off Topic => Topic started by: jsfoto on February 10, 2014, 14:51
-
I just received this mail and thought I share for those who haven't protected their sites:
As of 11am eastern time this morning we are monitoring the largest distributed brute force attack on WordPress installations that we've seen to date. The real-time attack map on www.wordfence.com (http://www.wordfence.com) became so busy that we've had to throttle the amount of traffic we show down to 4% of actual traffic.
A brute force attack is when an attacker tries many times to guess your username password combination by repeatedly sending login attempts. A distributed brute force attack is when an attacker uses a large number of machines spread around the internet to do this in order to circumvent any blocking mechanisms you have in place.
If you're using the free or paid version of Wordfence you should have the option to "Participate in the real-time Wordfence security network" under 'Other options' enabled. This will immediately block any attack originating from an IP address that has attacked other WordPress sites using Wordfence. This is an effective defense against this kind of attack.
We recommend that until this passes you monitor your WordPress websites closely for unusual activity including logins, account creation or changes to the public facing website.
-
Who was the email from? I'm a little skeptical because I haven't received an email, though I'm on WordPress and I use Wordfence. It could just be an attempt to sell the pro version of WordFence, or it could be a scam (or it could be true). I wouldn't click on any link in that email.
-
I use wordfence and someone tried earlier today to access stuff on one of mine. WF caught it, notified me and I changed what they tried to access. Works for me.
-
Who was the email from? I'm a little skeptical because I haven't received an email, though I'm on WordPress and I use Wordfence. It could just be an attempt to sell the pro version of WordFence, or it could be a scam (or it could be true). I wouldn't click on any link in that email.
It's a security mail from wordfence and the only link I posted is the one to wordfence.com ... I don't think it's scam. At least I hope :-\
-
I got the same email.
-
Who was the email from? I'm a little skeptical because I haven't received an email, though I'm on WordPress and I use Wordfence. It could just be an attempt to sell the pro version of WordFence, or it could be a scam (or it could be true). I wouldn't click on any link in that email.
I got it too.
-
Article & suggestions from Forbes.
http://www.forbes.com/sites/anthonykosner/2013/04/13/wordpress-under-attack-how-to-avoid-the-coming-botnet/ (http://www.forbes.com/sites/anthonykosner/2013/04/13/wordpress-under-attack-how-to-avoid-the-coming-botnet/)
-
I also got the email alert from WordFence. I had deactivated the WF plugin some time back because it seemed to conflict with something (I don't remember what). But I reactivated it today after the alert came in.
Not sure if WF is suggesting we should pay for their upgrade? Or is the free version enough? Does anybody know?
-
"If you're using the free or paid version of Wordfence you should have the option to "Participate in the real-time Wordfence security network" under 'Other options' enabled."
I use the free version and found the option mentioned ... it seems the free version protects my site.
-
There is nothing in the news about it, so its probably not as bad and maybe indeed a sales pitch to get Wordfence.
-
I opted in to the real-time Wordfence thingy and it sends me an email every morning warning me it's found "problems" on my site, and then tries to sell me on the pro version. Needing an upgrade is apparently a "serious problem."
"Wordfence found the following new issues on "vector999.com royalty-free fair trade illustration direct". NOTE: Upgrading to the paid version of Wordfence gives you two factor authentication (sign-in via cellphone) and country blocking which are both effective methods to block attacks. You can also schedule when your scans occur with Wordfence Premium. Click here to sign-up for the Premium version of Wordfence now. https://www.wordfence.com/wordfence-signup/ (https://www.wordfence.com/wordfence-signup/) Alert generated at Thursday 6th of February 2014 at 10:30:28 AM Critical Problems: * The Theme "SYMBIOSTOCK" needs an upgrade."
-
I opted in to the real-time Wordfence thingy and it sends me an email every morning warning me it's found "problems" on my site, and then tries to sell me on the pro version. Needing an upgrade is apparently a "serious problem."
"Wordfence found the following new issues on "vector999.com royalty-free fair trade illustration direct". NOTE: Upgrading to the paid version of Wordfence gives you two factor authentication (sign-in via cellphone) and country blocking which are both effective methods to block attacks. You can also schedule when your scans occur with Wordfence Premium. Click here to sign-up for the Premium version of Wordfence now. https://www.wordfence.com/wordfence-signup/ (https://www.wordfence.com/wordfence-signup/) Alert generated at Thursday 6th of February 2014 at 10:30:28 AM Critical Problems: * The Theme "SYMBIOSTOCK" needs an upgrade."
I use wordfence since almost one year and never got this email. Only similar emails which inform me about updates of other plugins or the theme.
-
I don't use Wordfence and I haven't gotten an email. I checked my site and all looks ok, nothing unusual. I think it's a Wordfence thing, not a Wordpress thing.
-
I don't use Wordfence and I haven't gotten an email. I checked my site and all looks ok, nothing unusual.
Well, if you don't use Wordfence it's quite consequential that you don't receive emails from them ...
-
I don't use Wordfence and I haven't gotten an email. I checked my site and all looks ok, nothing unusual.
Well, if you don't use Wordfence it's quite consequential that you don't receive emails from them ...
It's also quite consequential that it's not a Wordpress thing, but a Wordfence scam. :)
-
Not sure about that ... in any case a good reminder to protect your site ... using Wordfence or another plugin like Bad-behavior.
-
duplicate post
-
Not sure about that ... in any case a good reminder to protect your site ... using Wordfence or another plugin like Bad-behavior.
:)