MicrostockGroup Sponsors


Author Topic: WordPress sites under heavy attack right now - how you can protect your site  (Read 6420 times)

0 Members and 2 Guests are viewing this topic.

« on: February 10, 2014, 14:51 »
0
I just received this mail and thought I share for those who haven't protected their sites:

As of 11am eastern time this morning we are monitoring the largest distributed brute force attack on WordPress installations that we've seen to date. The real-time attack map on www.wordfence.com became so busy that we've had to throttle the amount of traffic we show down to 4% of actual traffic.

A brute force attack is when an attacker tries many times to guess your username password combination by repeatedly sending login attempts. A distributed brute force attack is when an attacker uses a large number of machines spread around the internet to do this in order to circumvent any blocking mechanisms you have in place.

If you're using the free or paid version of Wordfence you should have the option to "Participate in the real-time Wordfence security network" under 'Other options' enabled. This will immediately block any attack originating from an IP address that has attacked other WordPress sites using Wordfence. This is an effective defense against this kind of attack.

We recommend that until this passes you monitor your WordPress websites closely for unusual activity including logins, account creation or changes to the public facing website.


Shelma1

  • stockcoalition.org
« Reply #1 on: February 10, 2014, 15:17 »
0
Who was the email from? I'm a little skeptical because I haven't received an email, though I'm on WordPress and I use Wordfence. It could just be an attempt to sell the pro version of WordFence, or it could be a scam (or it could be true). I wouldn't click on any link in that email.

farbled

« Reply #2 on: February 10, 2014, 15:36 »
0
I use wordfence and someone tried earlier today to access stuff on one of mine. WF caught it, notified me and I changed what they tried to access. Works for me.

« Reply #3 on: February 10, 2014, 15:47 »
0
Who was the email from? I'm a little skeptical because I haven't received an email, though I'm on WordPress and I use Wordfence. It could just be an attempt to sell the pro version of WordFence, or it could be a scam (or it could be true). I wouldn't click on any link in that email.

It's a security mail from wordfence and the only link I posted is the one to wordfence.com ... I don't think it's scam. At least I hope  :-\

« Reply #4 on: February 10, 2014, 15:53 »
0
I got the same email.

« Reply #5 on: February 10, 2014, 15:54 »
0
Who was the email from? I'm a little skeptical because I haven't received an email, though I'm on WordPress and I use Wordfence. It could just be an attempt to sell the pro version of WordFence, or it could be a scam (or it could be true). I wouldn't click on any link in that email.

I got it too.

Shelma1

  • stockcoalition.org
« Reply #6 on: February 10, 2014, 16:12 »
0

marthamarks

« Reply #7 on: February 10, 2014, 16:37 »
0
I also got the email alert from WordFence. I had deactivated the WF plugin some time back because it seemed to conflict with something (I don't remember what). But I reactivated it today after the alert came in.

Not sure if WF is suggesting we should pay for their upgrade? Or is the free version enough? Does anybody know?

« Reply #8 on: February 10, 2014, 16:41 »
0
"If you're using the free or paid version of Wordfence you should have the option to "Participate in the real-time Wordfence security network" under 'Other options' enabled."

I use the free version and found the option mentioned ... it seems the free version protects my site.

Ron

« Reply #9 on: February 10, 2014, 17:19 »
0
There is nothing in the news about it, so its probably not as bad and maybe indeed a sales pitch to get Wordfence.

Shelma1

  • stockcoalition.org
« Reply #10 on: February 10, 2014, 17:38 »
0
I opted in to the real-time Wordfence thingy and it sends me an email every morning warning me it's found "problems" on my site, and then tries to sell me on the pro version. Needing an upgrade is apparently a "serious problem."

"Wordfence found the following new issues on "vector999.com royalty-free fair trade illustration direct". NOTE: Upgrading to the paid version of Wordfence gives you two factor authentication (sign-in via cellphone) and country blocking which are both effective methods to block attacks. You can also schedule when your scans occur with Wordfence Premium. Click here to sign-up for the Premium version of Wordfence now. https://www.wordfence.com/wordfence-signup/ Alert generated at Thursday 6th of February 2014 at 10:30:28 AM Critical Problems: * The Theme "SYMBIOSTOCK" needs an upgrade."

« Reply #11 on: February 10, 2014, 18:00 »
0
I opted in to the real-time Wordfence thingy and it sends me an email every morning warning me it's found "problems" on my site, and then tries to sell me on the pro version. Needing an upgrade is apparently a "serious problem."

"Wordfence found the following new issues on "vector999.com royalty-free fair trade illustration direct". NOTE: Upgrading to the paid version of Wordfence gives you two factor authentication (sign-in via cellphone) and country blocking which are both effective methods to block attacks. You can also schedule when your scans occur with Wordfence Premium. Click here to sign-up for the Premium version of Wordfence now. https://www.wordfence.com/wordfence-signup/ Alert generated at Thursday 6th of February 2014 at 10:30:28 AM Critical Problems: * The Theme "SYMBIOSTOCK" needs an upgrade."

I use wordfence since almost one year and never got this email. Only similar emails which inform me about updates of other plugins or the theme.

« Reply #12 on: February 10, 2014, 18:02 »
0
I don't use Wordfence and I haven't gotten an email. I checked my site and all looks ok, nothing unusual. I think it's a Wordfence thing, not a Wordpress thing.
« Last Edit: February 10, 2014, 18:05 by cathyslife stockphotos.com »

« Reply #13 on: February 10, 2014, 18:05 »
0
I don't use Wordfence and I haven't gotten an email. I checked my site and all looks ok, nothing unusual.

Well, if you don't use Wordfence it's quite consequential that you don't receive emails from them ...

« Reply #14 on: February 10, 2014, 18:07 »
+1
I don't use Wordfence and I haven't gotten an email. I checked my site and all looks ok, nothing unusual.

Well, if you don't use Wordfence it's quite consequential that you don't receive emails from them ...

It's also quite consequential that it's not a Wordpress thing, but a Wordfence scam.  :)

« Reply #15 on: February 10, 2014, 18:13 »
0
Not sure about that ... in any case a good reminder to protect your site ... using Wordfence or another plugin like Bad-behavior.

« Reply #16 on: February 10, 2014, 18:18 »
0
duplicate post 
« Last Edit: February 10, 2014, 19:34 by cathyslife stockphotos.com »

« Reply #17 on: February 10, 2014, 19:25 »
-1
Not sure about that ... in any case a good reminder to protect your site ... using Wordfence or another plugin like Bad-behavior.

 :)


 

Related Topics

  Subject / Started by Replies Last post
1 Replies
2471 Views
Last post May 28, 2012, 18:34
by lisafx
3 Replies
2564 Views
Last post July 15, 2012, 22:44
by ruxpriencdiam
22 Replies
6272 Views
Last post May 18, 2013, 13:19
by Pilens
17 Replies
11351 Views
Last post September 06, 2013, 17:22
by sc
19 Replies
11793 Views
Last post February 16, 2016, 05:40
by Lana

Sponsors

Mega Bundle of 5,900+ Professional Lightroom Presets

Microstock Poll Results

Sponsors