Site attacks

Started by TechAdmin, October 17, 2023, 02:15:25 PM

TechAdmin

Hello ladies and gents.

The main site is being attacked quite a bit and our firewall is heavily at work to make sure nobody gets in. It's the first time it automatically emailed me, 6 times even, to let me know about such an attack surge.

All this comes down to - if we get some server hiccups you know why. Defenses holding up high as of now.
I should probably clarify that this has nothing to do with your passwords and there is no need to change them; it's a pure hacking attempt, trying to inject SQL code through our WordPress side.
Currently Tech Admin on here, you can also call me Flavio :) ...Yes, I am friendly! (Maybe) :P

Capt. BassinLou

Appreciate the info, Flavio.

TechAdmin

Well they can ^-^ off, I went in and server banned the IPs connected to this madness. It was still going after over an hour, enough. Most likely behind some proxy or VPN or whatever, because it was from Canada, USA and UK so... ~xyz

TechAdmin

Not a single attack after the bans, I think that hit the spot PoPo

Donald Garner

Flavio

Thanks for the heads up and for taking care of the issue. You're the MAN ~bb ;)
Belton Texas part of God's Country
Stratos 285 Pro XL Yamaha 150 VMax; Lowrance Hook 7 Electronics; Minn Kota Foretrex Trolling Motor

G3 1548 Alwed Jon boat Yamaha 25hp outboard 

apenland01

My crappie club forum site has been down for 3 days now and one of my bass sites has been down for the past 2 days.  Clearly forum attacks are on the rise....

Smallie_Stalker

@TechAdmin

Thanks for posting this Flavio! One of my upcoming courses is on SQL code injection, both how to do it and how to defend against it. I wonder if they will cover plugins like this.

Either way I can put your information to good use.

Dobyns Rods   Titan Tungsten   Abu Garcia  Berkley  Pflueger  Spiderwire

D.W. Verts

Thanks for your diligence, Tech Dude.

(and I understood just about ZERO of what you said)

Dale
Old School Bass Fishin', My Hickbilly Life, and Hickbilly Outdoors with D.W. Verts on YOUTUBE!

TechAdmin

This hasn't stopped, I had to ban (hard ban, on server side) numerous extra IP addresses as it seems someone or some kind of bots are absolutely hell-bent on trying to hack both the WordPress side and now the forum side too. It's been going on for days; some IP addresses have been reported as well because they are not behind a proxy/VPN by the looks of it.
This morning was bad enough for me to be late for a trip ~rant
Will be in touch later, checking every now and then.

Mike Cork

Is there anything we can do on the WordPress side?

Fishing is more than just a hobby

Dobyns Rods - Monster Fishing Tackle
Cork's Reel Service

TechAdmin

Negative, that stuff is on me, it's .htaccess server bans, you may read about it huh... I wrote it in a couple places, this comes to mind: https://www.stopforumspam.com/forum/viewtopic.php?pid=42838#p42838
WordPress is already running Wordfence, which is helping a LOT with detection.

TechAdmin

Large botnet attacked the WordPress side trying to log in as administrator, no success and lots of IPs have been automatically banned for 2 months.

Mostly coming from Brazil, but I've seen Lebanon and Iraq, so a bit all over the world, specifically targeting us.

The whole attack lasted TWO minutes, but for bots it's long enough... I can confirm they did NOT manage to log in. I get an email whenever an admin logs on :)

apenland01

Private message boards have been under attack for the last few months.  Everyone having to up their security game...

TechAdmin

Some more bans today...