(REMINDER) The brute-force attacks against WordPress and Joomla login pages
Posted by Mike-Support Helpburo.eu on 13-07-2015 13:16

We are repeating this once more!

The brute-force attacks against WordPress and Joomla login pages, as already written here: https://www.helpburo.eu/index.php?/News/NewsItem/View/67/massale-brute-force-pogingen-op-wordpress-sites, are getting worse all over the internet, not only on your server.

Even worse are the WordPress XML-RPC pingback attacks, which have been well known for years; see here for a description and also a solution to this problem: http://perishablepress.com/wordpress-xmlrpc-pingback-vulnerability/

The problem is that the attacks come from thousands of IPs in parallel, which overloads even those plug-ins. There is currently only one solution:
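To make the "thousands of IPs in parallel" point concrete, here is an added Python example (not code from the original post or from Helpburo) that reads Apache combined-format access log lines, counts POSTs to the login endpoints named above, and labels a target as "distributed" when the requests come from many distinct source IPs. The log lines, the IP addresses and the threshold of 3 distinct IPs are constructed for the sample; on a real server the threshold would be far higher. The point it shows is that per-IP blocking (fail2ban-style or a login-limiting plug-in) only helps when one IP repeats, which is why the post falls back to HTTP Basic auth in front of the login page.

```python
import re
from collections import Counter, defaultdict

# Constructed sample of Apache combined-format access log lines (not real traffic;
# 203.0.113.0/24 and 198.51.100.0/24 are documentation ranges).
SAMPLE_LOG = """\
203.0.113.10 - - [13/Jul/2015:13:16:01 +0200] "POST /wp-login.php HTTP/1.1" 200 1523 "-" "Mozilla/5.0"
203.0.113.11 - - [13/Jul/2015:13:16:01 +0200] "POST /wp-login.php HTTP/1.1" 200 1523 "-" "Mozilla/5.0"
203.0.113.12 - - [13/Jul/2015:13:16:02 +0200] "POST /wp-login.php HTTP/1.1" 200 1523 "-" "Mozilla/5.0"
203.0.113.13 - - [13/Jul/2015:13:16:02 +0200] "POST /xmlrpc.php HTTP/1.1" 200 370 "-" "-"
203.0.113.14 - - [13/Jul/2015:13:16:03 +0200] "POST /xmlrpc.php HTTP/1.1" 200 370 "-" "-"
198.51.100.7 - - [13/Jul/2015:13:16:04 +0200] "GET /index.php HTTP/1.1" 200 8042 "-" "Mozilla/5.0"
198.51.100.7 - - [13/Jul/2015:13:16:05 +0200] "GET /wp-login.php HTTP/1.1" 200 1523 "-" "Mozilla/5.0"
198.51.100.7 - - [13/Jul/2015:13:16:09 +0200] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
"""

# Apache "combined" log format: ip ident user [timestamp] "METHOD path proto" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)

# Login endpoints the post says are being hammered; /administrator is the Joomla one.
TARGETS = {"/wp-login.php", "/xmlrpc.php", "/administrator/index.php"}


def parse(lines):
    """Yield a dict per line that matches the combined log format; skip the rest."""
    for line in lines:
        m = LOG_RE.match(line)
        if m:
            yield m.groupdict()


def summarize(lines):
    """Count POSTs per target path and how many came from each source IP."""
    stats = defaultdict(lambda: {"requests": 0, "per_ip": Counter()})
    for rec in parse(lines):
        path = rec["path"].split("?", 1)[0]  # drop any query string
        if rec["method"] == "POST" and path in TARGETS:
            stats[path]["requests"] += 1
            stats[path]["per_ip"][rec["ip"]] += 1
    return dict(stats)


def classify(stats, distributed_threshold=3):
    """Label each target 'distributed' when its POSTs come from at least
    distributed_threshold distinct IPs, otherwise 'single-source'.
    Only the single-source case is something per-IP blocking can stop."""
    labels = {}
    for path, s in stats.items():
        distinct = len(s["per_ip"])
        labels[path] = "distributed" if distinct >= distributed_threshold else "single-source"
    return labels


if __name__ == "__main__":
    stats = summarize(SAMPLE_LOG.splitlines())
    for path, label in classify(stats).items():
        s = stats[path]
        print(f"{path}: {s['requests']} POSTs from {len(s['per_ip'])} IPs, "
              f"busiest IP sent {max(s['per_ip'].values())} -> {label}")
```

Run it against a real log with `summarize(open('/path/to/access_log'))` (path is yours to supply) and raise the threshold to something meaningful for your traffic; when the busiest IP sent only one or two requests while the distinct-IP count is in the thousands, per-IP blocking is not going to help and the Basic-auth recipe below is the right tool.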

1) Joomla installations
Use the Plesk or DirectAdmin frontend to password-protect the /administrator directory of the Joomla installation.

2) WordPress installations
For WordPress, we must password-protect access to the file wp-login.php, as this is the file the attackers open directly. This must be done manually:

a) create a .htpasswd file, either manually on the server or with an online tool such as http://www.htaccesstools.com/htpasswd-generator/
b) place the .htpasswd file in the base directory of your WordPress installation
c) create a .htaccess file in the base directory of your WordPress installation with the following lines; if a .htaccess file already exists, add these lines at the very top of the file:

# Stop Apache from serving .ht* files
<Files ~ "^\.ht">
Order allow,deny
Deny from all
</Files>

# Protect wp-login
<Files wp-login.php>
AuthUserFile /YYYYY/.htpasswd
AuthName "Private access"
AuthType Basic
require user XXXXX
</Files>

- replace XXXXX with the username you used in the .htpasswd file.
- replace /YYYYY with the full path to your hosting directory, e.g.:
  /var/www/vhosts/testdomain.nl/httpdocs/.htpasswd   (Plesk style)
  /home/user/domains/testdomain.nl/public_html/.htpasswd  (DirectAdmin style)
- on Apache 2.4 without mod_access_compat, the two lines "Order allow,deny" and "Deny from all" are written as the single line "Require all denied"; the wp-login block works unchanged on both 2.2 and 2.4.
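Because the two placeholders are the usual thing to get wrong, here is an added Python checker (not from the original post or from Helpburo) that parses a .htaccess in the shape shown above together with the .htpasswd it points at, and reports whether the wp-login.php block is complete: .ht* files denied, AuthUserFile an absolute path with /YYYYY replaced, AuthType Basic present, and the "require user" name actually present in .htpasswd. The sample .htaccess, the username webadmin and the .htpasswd hash value are constructed for the example; the hash is a placeholder, not a real digest.

```python
import re

# Constructed example inputs: the recipe from the post with placeholders filled in,
# and a one-line .htpasswd whose hash value is a placeholder, not a real digest.
HTACCESS = """\
# Stop Apache from serving .ht* files
<Files ~ "^\\.ht">
Order allow,deny
Deny from all
</Files>

# Protect wp-login
<Files wp-login.php>
AuthUserFile /var/www/vhosts/testdomain.nl/httpdocs/.htpasswd
AuthName "Private access"
AuthType Basic
require user webadmin
</Files>
"""

HTPASSWD = "webadmin:$apr1$placeholder$notarealhash\n"


def parse_files_blocks(text):
    """Return a list of (pattern, [directive lines]) for every <Files ...> block."""
    blocks = []
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"<Files\s+(.+)>$", line, re.I)
        if m:
            current = (m.group(1).strip(), [])
            blocks.append(current)
            continue
        if re.match(r"</Files>$", line, re.I):
            current = None
            continue
        if current is not None:
            current[1].append(line)
    return blocks


def htpasswd_users(text):
    """Usernames listed in a .htpasswd file (user:hash per line)."""
    return {l.split(":", 1)[0] for l in text.splitlines()
            if ":" in l and not l.startswith("#")}


def check_protection(htaccess, htpasswd):
    """Return a list of problems; an empty list means the recipe is complete."""
    problems = []
    blocks = parse_files_blocks(htaccess)

    # 1. .ht* files must not be served, otherwise the password file itself leaks.
    ht_block = next((d for p, d in blocks if p.startswith('~ "^\\.ht"')), None)
    if ht_block is None or ("Deny from all" not in ht_block
                            and "Require all denied" not in ht_block):
        problems.append('no <Files ~ "^\\.ht"> block denying access to .ht* files')

    # 2. The wp-login.php block with its four directives.
    login = next((d for p, d in blocks if p == "wp-login.php"), None)
    if login is None:
        problems.append("no <Files wp-login.php> block")
        return problems
    directives = {}
    for d in login:
        name, _, value = d.partition(" ")
        directives[name.lower()] = value.strip()

    path = directives.get("authuserfile", "")
    if not path.startswith("/") or "YYYYY" in path:
        problems.append(f"AuthUserFile must be an absolute path with /YYYYY replaced, got {path!r}")
    if directives.get("authtype", "").lower() != "basic":
        problems.append("AuthType Basic missing")
    req = directives.get("require", "")
    m = re.match(r"user\s+(\S+)$", req)
    user = m.group(1) if m else None
    if user is None or "XXXXX" in req:
        problems.append("'require user <name>' missing or XXXXX not replaced")
    elif user not in htpasswd_users(htpasswd):
        problems.append(f"user {user!r} is not in .htpasswd")
    return problems


if __name__ == "__main__":
    # Real use: pass the contents of your own files instead of the constructed samples.
    for p in check_protection(HTACCESS, HTPASSWD) or ["OK: wp-login.php is protected"]:
        print(p)
```

The checker only confirms the recipe is complete; it does not replace testing in a browser, where a request for wp-login.php must now prompt for the Basic-auth credentials before the WordPress form appears.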

For server owners:

THIS MUST BE DONE FOR ALL WORDPRESS OR JOOMLA INSTALLATIONS ON THE SERVER!

