Any one know anything about hacking a site?

So my WordPress site has been attacked over the last few days (and has just started again now), at its height over 100 attempts an hour to get in. Fortunately a plugin limits the failed attempts and blocks the IP for 48 hours, but they seem to use a different IP each time.

I’m slightly fascinated to know

a) why they’re doing it?

b) how?

Is it through software and they’ve actually no idea what site they’re trying to get into, or is my site targeted specifically, and is someone literally continually entering different passwords in the hope they get in, or is it all automated?
 
Discussion of said techniques is not permitted here, I suggest you Google for the answer. It is an automated process that is trying to hack your account, try using Roboform to generate a secure password. It is a form filling freeware program that can generate very secure passwords. I suggest changing this password every couple of days until the attacks stop.
 
Discussion of this type of issue is very much permitted and I'll be very interested to watch the development of the thread as I'm just planning a move over to WordPress to give me a better website.
 
Discussion of said techniques is not permitted here, I suggest you Google for the answer.


not permitted you say....and then

It is an automated process that is trying to hack your account, try using Roboform to generate a secure password. It is a form filling freeware program that can generate very secure passwords.


I don't follow how you say it's not permitted then carry on talking about it?
 
Discussion of this type of issue is very much permitted and I'll be very interested to watch the development of the thread as I'm just planning a move over to WordPress to give me a better website.


It's not a human being that's trying to get into your website. It's all automated. I really wouldn't worry about it. Happens a lot to everyone. Chances of it getting access are minimal.
 
not permitted you say....and then

I don't follow how you say it's not permitted then carry on talking about it?


But I did not give a detailed description of a hacking technique. It was a vague description. :)
 
It'll be automated. Most of it is.

Easiest way to defeat it is to change the name of the wp-admin folder to something weird like a random string, or use an .htaccess file within so that someone outside your IP range can't see it at all. The latter is the more secure approach.
 
The first thing to do is to check that you have the latest version of WordPress running. Patches are released with security updates periodically. Also, as mentioned, change your passwords and make sure they are 'strong'.
 
Clearly I wasn't after a detailed explanation, but I don't even understand why someone does it, what's the point?

I could understand if I was a bank or something, but what are they going to do when they get on my site, draw willies on all the horses?

They'd worry about that when they log in and have a look at your site. You will just be one of hundreds of thousands of WordPress sites being probed.
 
Some people use the same password for a number of sites, once they have found out one, they may try and use it on your other sites.
 
So my WordPress site has been attacked over the last few days (and has just started again now), at its height over 100 attempts an hour to get in. Fortunately a plugin limits the failed attempts and blocks the IP for 48 hours, but they seem to use a different IP each time.

I’m slightly fascinated to know

a) why they’re doing it?

b) how?

Is it through software and they’ve actually no idea what site they’re trying to get into, or is my site targeted specifically, and is someone literally continually entering different passwords in the hope they get in, or is it all automated?


You could put a list of the offending IP addresses in the .htaccess in the WP folder, which will block them. If it helps, below is a list of brute force attacks attempted on mine recently; TSO Host advised me to do this. Still get one or two but not as many now, certainly not from any of the IP numbers below.
As for why they do it: mental issues, criminal, or maybe they're bored with their usual porn channels :)

How: without much success I'd say.


order allow,deny
allow from all
deny from 37.105.3.230 217.66.228.140 110.171.168.72 82.114.178.30 109.200.180.229 118.96.218.22 217.66.228.140 87.120.54.55 126.19.84.123 180.191.127.210 84.240.232.237 27.123.171.102 118.174.130.37 203.83.73.195 188.186.100.5 120.63.148.49 110.171.168.72 5.250.24.181 158.58.216.121 86.126.216.95 188.134.41.194 1.168.193.120 49.145.198.194 92.245.32.221 223.205.119.106 92.51.112.68 92.255.163.73 95.189.16.136 88.247.17.188 175.139.162.155 81.214.19.213 213.231.134.171 5.55.23.227 125.230.80.242 111.252.46.123 177.140.163.4 178.164.130.54 2.95.27.252 218.103.206.118 109.200.180.229 87.245.203.27 188.66.219.219 87.120.54.55 158.58.216.121 27.123.171.102 126.19.84.123 180.191.127.210 84.240.232.237 203.83.73.195 91.226.56.248 86.126.216.95 118.174.130.37 46.0.64.13 31.162.3.9 92.255.163.73 1.168.193.120 95.189.16.136 213.231.134.171 176.100.87.116 81.214.19.213 111.252.46.123 94.228.30.116 175.139.162.155 5.55.23.227 125.230.80.242 177.140.163.4 124.43.175.241 178.164.130.54 2.95.27.252 87.245.203.27 91.226.56.248 31.162.3.9 46.0.64.13 176.100.87.116 27.131.163.121
 
Why? Because they have very small willies and want to feel important/powerful. How? Don't know but suspect that people with even smaller willies than they have written software that does it automatically while they all sit around with magnifying glasses and tweezers...
 
Why? Because they have very small willies and want to feel important/powerful. How? Don't know but suspect that people with even smaller willies than they have written software that does it automatically while they all sit around with magnifying glasses and tweezers...

People who are very good at this stuff can actually make quite a lot of money doing it. I suspect this case is someone using one of those pay per use type things where they just punch in some numbers and the script does all the work. Either way its effect is about the same as banging on a door hoping to get in and hoping a thousand bangs later that a wood panel will break and allow you to open the latch. If it's a secure door the banging won't matter (read: good password).

I'd also like to say that secure passwords aren't necessarily what people think they are. See: correct horse battery staple. After seeing this and doing my own research on top it opened my eyes a fair bit.
 
Probably use it to host some phishing scam or malware
This is why it is done.
They gain access, drop some files on your site that allow them to point people at your site to gain access to their passwords. Passwords for eBay/Amazon/bank are gained, you become the unwitting man in the middle and they are away scot-free....
 
This is why it is done.
They gain access, drop some files on your site that allow them to point people at your site to gain access to their passwords. Passwords for eBay/Amazon/bank are gained, you become the unwitting man in the middle and they are away scot-free....

That happened to me once on my domain/hosting. They gained access, dropped a file in the root directory, and then used my domain name in some phishing/malware scam, i.e. like the spam emails you get with dodgy links/zip files; these links directed you to the file they dropped in my root directory.

I must say the hosting admin were quick to shut my domain down, and quickly found the offending file and removed it. Of course I had to change passwords/log-in etc., and I got contacted by Google when it happened, saying that my domain/name would not be indexed for searches/linking until I could confirm everything was clean.

It's only happened to me once in all the time I've been with this hosting company (around 10 years), but it's not something I'd care to repeat.
 
Post their up next time they do it, let's have some fun whilst they're using the ip!

You'll often find that software is used to avoid traceability; they can bounce you off them onto another IP address (when you try to hack them). The guys who allegedly hacked Sony's PlayStation Network used a very similar tool.
 
I know it's easy to say, but assuming your site is reasonably secure, and you've not done anything silly like leave the default admin account unchanged, I wouldn't worry too much. They're automated attacks and blocking them is enough to prevent access by brute force.

I used to block IPs, but there's far too many to bother.
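
Added example, not part of any poster's message or of any plugin's code: the first post notes that the lockout plugin blocks each IP but the attempts keep arriving from a different one. This Python example counts failed `wp-login.php` POSTs per hour in an access log and flags hours where the attempts stay under a per-IP limit yet add up site-wide. The log lines, the Apache combined log format and the `per_ip_limit` / `site_limit` thresholds are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample access log (Apache combined format, documentation IP ranges).
SAMPLE_LOG = """\
198.51.100.1 - - [03/Jun/2024:10:02:11 +0000] "POST /wp-login.php HTTP/1.1" 200 3120 "-" "Mozilla/5.0"
198.51.100.2 - - [03/Jun/2024:10:09:40 +0000] "POST /wp-login.php HTTP/1.1" 200 3120 "-" "Mozilla/5.0"
203.0.113.7 - - [03/Jun/2024:10:15:03 +0000] "POST /wp-login.php HTTP/1.1" 200 3120 "-" "Mozilla/5.0"
203.0.113.8 - - [03/Jun/2024:10:31:55 +0000] "POST /wp-login.php HTTP/1.1" 200 3120 "-" "Mozilla/5.0"
192.0.2.44 - - [03/Jun/2024:10:47:19 +0000] "POST /wp-login.php HTTP/1.1" 200 3120 "-" "Mozilla/5.0"
192.0.2.45 - - [03/Jun/2024:10:58:30 +0000] "GET /about/ HTTP/1.1" 200 8111 "-" "Mozilla/5.0"
192.0.2.9 - - [03/Jun/2024:11:00:01 +0000] "POST /wp-login.php HTTP/1.1" 200 3120 "-" "Mozilla/5.0"
192.0.2.9 - - [03/Jun/2024:11:00:04 +0000] "POST /wp-login.php HTTP/1.1" 200 3120 "-" "Mozilla/5.0"
192.0.2.9 - - [03/Jun/2024:11:00:07 +0000] "POST /wp-login.php HTTP/1.1" 200 3120 "-" "Mozilla/5.0"
192.0.2.10 - - [03/Jun/2024:12:20:00 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
"""

# Captures: client IP, timestamp truncated to the hour, HTTP status of a login POST.
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^:\]]+:\d{2}):[^\]]*\] "POST /wp-login\.php[^"]*" (\d{3}) ')

def summarize(log_text, per_ip_limit=3, site_limit=5):
    """Per hour: failed logins, distinct sources, and whether per-IP lockout misses them."""
    hours = defaultdict(lambda: defaultdict(int))  # hour -> ip -> failed attempts
    for line in log_text.splitlines():
        m = LINE.match(line)
        # A failed WordPress login re-renders the form (200); a success redirects (302).
        if m and m.group(3) == "200":
            hours[m.group(2)][m.group(1)] += 1
    report = {}
    for hour, per_ip in sorted(hours.items()):
        locked = sorted(ip for ip, n in per_ip.items() if n >= per_ip_limit)
        # Attempts from sources that never reach the per-IP lockout threshold.
        slipped = sum(n for n in per_ip.values() if n < per_ip_limit)
        report[hour] = {
            "failed": sum(per_ip.values()),
            "sources": len(per_ip),
            "locked_out": locked,
            "distributed": slipped >= site_limit,
        }
    return report

if __name__ == "__main__":
    for hour, row in summarize(SAMPLE_LOG).items():
        print(hour, row)
```

An hour flagged `distributed` is one where a per-IP block list or lockout does little, which is the case for restricting the login page itself or relying on a strong password, as suggested earlier in the thread.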
 
Post their up next time they do it, let's have some fun whilst they're using the ip!

You'll often find that software is used to avoid traceability; they can bounce you off them onto another IP address (when you try to hack them). The guys who allegedly hacked Sony's PlayStation Network used a very similar tool.
They more than likely use more anonymous proxies than you can poke a stick at.
 