Russian Hackers

I think that there are different levels of hackers out there. I know that is an obvious thing to say, but it is worth thinking on.

My blog-- which is a WordPress blog-- is always under attack, 24/7. I also manage two other, commercial, WP sites. They are set up in a similar fashion to my blog, but have hardly ever been attacked.

The majority of attacks are likely scripted and merely report back when they find targetable files or assets, like the xmlrpc.php file. Then another script is used to overwhelm the server with requests for the file… which I assume gives the actual hacker some advantage or window of opportunity. Whatever the tertiary goal, the hacker’s ultimate goal is to control the server. From there he/she can then use that server for however long they can keep control of it for whatever purpose suits them.

What can you do about this?

Well, not much it seems. Try to ensure that you have complete control of what happens on your server, so, how your server is supposed to react to error requests or robots is a big thing-- that many take for granted. Be aware of the vectors hackers use to gain control (or sow mayhem) like forms or scripts, then shore those bits up as best you can. Any passworded access should use Very Strong passwords and treat usernames the same way. Rotate your passwords on different preset intervals, and whenever you think they are in jeopardy. I also actively block IP addresses engaged in suspicious activity, but the quantity is so enormous and hackers just rotate through IPs they have already compromised that the effectiveness is debatable. I think it slows many of them down, though.

I use software made for WP that automatically locks out IPs that display certain behaviors… similar software for the server would be nice. When alerted, I can choose to take action like blocking that IP or perhaps follow the attack in real time and learn something about the attacker.

What I have learned is there is a multitude of low-level, generally scripted, attacks which are not particularly bright in their method or plan. There are a few, mostly brute force types of attackers which are more worrisome but also usually not long-term successful. Then, there are a very few sneaky bastards, who somehow get close enough to make me stop and rethink my whole strategy. Yikes!

All this is a lot of work… obviously. But what is worse is that it can be all for nothing as the hacker is also trying to get into the other shared sites on that same server and if any of those are weak then the hacker gets control of the whole server-- including your bit of it. As a result I try to keep a good working relationship with my hosting provider regarding security issues. This is harder than it sounds. As a business, they don’t want any legal exposure, so more diplomacy than honesty is what I usually get. But that’s better than nothing, I reckon.

I wish there were a way as an individual to block IPs by country… as there are some that are most annoying (you refer to the Russians). This bothers me because it goes against the whole principle of the Internet, but did I also mention how annoying they were? Anyway, they usually fall into that first category that don’t seem to get very far (if I had a nickel for every идиот that guesses my password as cssway or my user name as thebigerns, I would be richer than the pope and the queen put together. Though not as fashionably dressed, of course.)

Best of luck to you.
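An added example, not part of the original post, of the behaviour-based lockout the author describes: it reads constructed Apache-style access log lines, counts POSTs per client IP to xmlrpc.php and wp-login.php, flags the IPs that reach a threshold, and renders them as Apache 2.4 deny rules. The log lines, IPs and thresholds are all assumed sample values, not real traffic.

```python
import re
from collections import Counter

# Apache/nginx "combined" log format; we only need client IP, method and path.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" \d{3}')

# Constructed sample lines (not real traffic): one client hammers xmlrpc.php,
# one repeatedly POSTs the login form, one is an ordinary visitor.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "POST /xmlrpc.php HTTP/1.1" 200 370
203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "POST /xmlrpc.php HTTP/1.1" 200 370
203.0.113.7 - - [10/Oct/2023:13:55:37 +0000] "POST /xmlrpc.php HTTP/1.1" 200 370
198.51.100.9 - - [10/Oct/2023:13:56:01 +0000] "POST /wp-login.php HTTP/1.1" 200 4021
198.51.100.9 - - [10/Oct/2023:13:56:02 +0000] "POST /wp-login.php HTTP/1.1" 200 4021
198.51.100.9 - - [10/Oct/2023:13:56:03 +0000] "POST /wp-login.php?redirect_to=%2Fwp-admin%2F HTTP/1.1" 200 4021
192.0.2.44 - - [10/Oct/2023:13:57:10 +0000] "GET /wp-login.php HTTP/1.1" 200 4021
this line is garbage and must be skipped
"""

# Per-IP POST thresholds for the watched endpoints (assumed values; tune to real traffic).
LIMITS = {"/xmlrpc.php": 3, "/wp-login.php": 3}

def parse_lines(text):
    """Yield (ip, method, path-without-query) for each parseable line; skip the rest."""
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if m:
            yield m["ip"], m["method"], m["path"].split("?", 1)[0]

def suspicious_ips(log_text, limits=LIMITS):
    """Return {ip: reason} for clients whose POSTs to a watched path reach its limit."""
    counts = Counter()  # (ip, path) -> number of POSTs seen
    for ip, method, path in parse_lines(log_text):
        if method == "POST" and path in limits:
            counts[(ip, path)] += 1
    flagged = {}
    for (ip, path), n in sorted(counts.items()):
        if n >= limits[path]:
            flagged.setdefault(ip, f"{n} POSTs to {path}")
    return flagged

def deny_rules(flagged):
    """Render flagged IPs as Apache 2.4 'Require not ip' lines for a <RequireAll> block."""
    return [f"Require not ip {ip}" for ip in sorted(flagged)]

if __name__ == "__main__":
    hits = suspicious_ips(SAMPLE_LOG)
    print("\n".join(f"{ip}: {why}" for ip, why in hits.items()))
    print("\n".join(deny_rules(hits)))
```

Plain GETs of the login page are not counted, so an ordinary visitor who opens the form once is never flagged; only repeated POSTs to the watched endpoints are.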


offtopic mailing list