

Author Topic: My Symbiostock Site Under Attack - As a game of PONG  (Read 10647 times)


Leo Blanchette

« on: September 05, 2013, 19:27 »
0
My Website Under a xmlrpc.php Attack!


Boy, I sure hope I'm winning.

More on this: http://perishablepress.com/wordpress-xmlrpc-pingback-vulnerability/


Leo Blanchette

« Reply #1 on: September 05, 2013, 19:49 »
0
And here it is again, with Bad Behavior plugin turned back on :D

Symbiostock Site Under xmlrpc attack with "Bad Behavior Plugin" Installed


Notice how much the system resources were freed up. These attacks are pretty horrific! The spammers are still trying, but now getting a 403 and wasting their resources.

Ron

« Reply #2 on: September 06, 2013, 00:40 »
0
Do we need to do anything? Or is your post just FYI?

« Reply #3 on: September 06, 2013, 01:08 »
+1
To be honest: I don't really understand what I'm seeing here, but it looks alarming. Really hope you can manage to get rid of this, Leo.
Is there anything we can do to protect our sites?

« Reply #4 on: September 06, 2013, 01:18 »
+1
And here it is again, with Bad Behavior plugin turned back on :D

Symbiostock Site Under xmlrpc attack with "Bad Behavior Plugin" Installed

Notice how much the system resources were freed up. These attacks are pretty horrific! The spammers are still trying, but now getting a 403 and wasting their resources.


Leo,

Should we install bad behaviour?
I remember you saying it has special settings, any chance of giving some guidance on the settings at all please

Thanks
Mark

« Reply #5 on: September 06, 2013, 01:38 »
0
I turned off bad behaviour as it prevented pp payments.

I notice that wordfence is currently throttling a user though (again) as they are exceeding the maximum global requests permitted - would this be a similar thing?
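As an added illustration of what Leo's 403s and Wordfence's "maximum requests" throttling are looking at (example code, not from this thread or the Symbiostock project): a small Python script that reads combined-format web-server log lines, groups requests to xmlrpc.php by source IP, counts how many were answered with 403, and flags any IP that exceeded a request threshold inside a sliding time window. The log lines, IPs, window and threshold are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Apache/nginx "combined" log format, e.g.
# 203.0.113.7 - - [05/Sep/2013:19:20:01 +0000] "POST /xmlrpc.php HTTP/1.0" 200 512 "-" "Mozilla/4.0"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)

def parse_line(line):
    """Return a dict for one log line, or None if it does not match the combined format."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    rec["status"] = int(rec["status"])
    return rec

def xmlrpc_report(lines, window=timedelta(seconds=60), max_per_window=20):
    """Per source IP: xmlrpc.php requests, how many got a 403 (blocked), and whether the IP
    ever sent more than max_per_window requests within any sliding window of length `window`."""
    by_ip = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec and rec["path"].split("?")[0].endswith("/xmlrpc.php"):
            by_ip[rec["ip"]].append(rec)
    report = {}
    for ip, recs in by_ip.items():
        times = sorted(r["ts"] for r in recs)
        flooding, start = False, 0
        for end in range(len(times)):          # two-pointer sliding window over timestamps
            while times[end] - times[start] > window:
                start += 1
            if end - start + 1 > max_per_window:
                flooding = True
                break
        report[ip] = {"requests": len(recs),
                      "blocked": sum(1 for r in recs if r["status"] == 403),
                      "flooding": flooding}
    return report

# Constructed sample (assumed values): one host hammering xmlrpc.php, served 200 for the first
# ten hits and 403 once a blocker kicks in; a second host sends one ordinary pingback.
SAMPLE_LOG = [
    '203.0.113.7 - - [05/Sep/2013:19:20:%02d +0000] "POST /xmlrpc.php HTTP/1.0" %d 512 "-" "Mozilla/4.0"'
    % (i, 200 if i < 10 else 403) for i in range(25)
] + [
    '198.51.100.4 - - [05/Sep/2013:19:25:00 +0000] "POST /xmlrpc.php HTTP/1.1" 200 512 "-" "WordPress/3.6"',
    '198.51.100.4 - - [05/Sep/2013:19:25:01 +0000] "GET /index.php HTTP/1.1" 200 9000 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, stats in xmlrpc_report(SAMPLE_LOG).items():
        print(ip, stats)
```

Pointing it at a real access log would show the same picture Leo saw: once a blocker is active the flood continues, but the 403 count climbs and the server stops spending PHP time on each hit.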

« Reply #6 on: September 06, 2013, 04:59 »
0
The link at the bottom of leo's first post explains the problem and gives you code to add to the bottom of your htaccess file (in root folder).

« Reply #7 on: September 06, 2013, 11:15 »
+3
The link at the bottom of leo's first post explains the problem and gives you code to add to the bottom of your htaccess file (in root folder).

Or
the link at the bottom of Leo's post gave an explanation if you understand it. I don't have a clue what it means or which code is applicable and so it is probably safer not to touch anything?

sc

« Reply #8 on: September 06, 2013, 11:59 »
+1
The link at the bottom of leo's first post explains the problem and gives you code to add to the bottom of your htaccess file (in root folder).

Or
the link at the bottom of Leo's post gave an explanation if you understand it. I don't have a clue what it means or which code is applicable and so it is probably safer not to touch anything?

Totally Agree.
Far too often these discussions are way above my head.

Steve

« Reply #9 on: September 06, 2013, 13:04 »
0
The xml-rpc.php file is in your wp folder. It allows a way to post using blogger and pingbacks. Hackers are using it to invade wp sites. This is a very simple explanation, you could google for more details. If you add the code shown in the article, listed under alternate .htaccess method, to your root .htaccess file, you can prevent the hacking.


Most of this stuff is over my head too, but to me, this one seemed pretty easy to implement.

Leo Blanchette

« Reply #10 on: September 06, 2013, 14:04 »
0
Wow, I really scared a few people! Got a few personal messages on it. :D

Don't worry - my server's been up a few years! I'm sure shared hosting watches stuff like that. It's just funny to witness the hacking in the cyber-space-invaders classic arcade setting.

I'd say don't worry about it yet.

« Reply #11 on: September 06, 2013, 14:53 »
0
Is there any harm in adding that code to the htaccess file? I am not as confident in shared hosting as I used to be. ;D

sc

« Reply #12 on: September 06, 2013, 15:27 »
+1
The xml-rpc.php file is in your wp folder. It allows a way to post using blogger and pingbacks. Hackers are using it to invade wp sites. This is a very simple explanation, you could google for more details. If you add the code shown in the article, listed under alternate .htaccess method, to your root .htaccess file, you can prevent the hacking.


Most of this stuff is over my head too, but to me, this one seemed pretty easy to implement.

No offense but it isn't for those of us who aren't really into code.
And just a personal observation - it seems just about everybody who has or is having major issues is messing with code.
My site is working and I'm gonna leave it alone.

steve

Leo Blanchette

« Reply #13 on: September 06, 2013, 15:31 »
+1
The xml-rpc.php file is in your wp folder. It allows a way to post using blogger and pingbacks. Hackers are using it to invade wp sites. This is a very simple explanation, you could google for more details. If you add the code shown in the article, listed under alternate .htaccess method, to your root .htaccess file, you can prevent the hacking.


Most of this stuff is over my head too, but to me, this one seemed pretty easy to implement.

No offense but it isn't for those of us who aren't really into code.
And just a personal observation - it seems just about everybody who has or is having major issues is messing with code.
My site is working and I'm gonna leave it alone.

steve

He's right. I probably have the worst issues of all of us, and I mess with the code every day. There's definitely a pattern there :D

« Reply #14 on: September 06, 2013, 15:35 »
0
+1
As they say, if it works, don't touch it.

The big dilemma is, that sometimes it doesn't work.

« Reply #15 on: September 06, 2013, 15:37 »
0
And when it doesn't work, it's gonna be too late to go messing around with the code.  :)

Leo Blanchette

« Reply #16 on: September 06, 2013, 15:38 »
0
Is there any harm in adding that code to the htaccess file? I am not as confident in shared hosting as I used to be. ;D

Don't mess with the .htaccess file! Even if your site appears to be running you can easily run up a 1-gig sized error file as it serves pages on errors for a month straight.

You'll know when you're getting targeted! Hosts often babysit shared environments and when you're no longer a baby they will ask you politely to scale up, lock down, or leave. They leave dedicated servers alone to the wolves :D

I have A LOT to catch up on, but I think I need to make a good security tutorial that people can "set it and forget it". I just have to add it to my never-ending b----list
« Last Edit: September 06, 2013, 15:42 by Leo »

sc

« Reply #17 on: September 06, 2013, 17:22 »
0
I kinda equate fiddling with the code to
Messin' with Sasquatch

http://youtu.be/G6X8rjRIQkI
