  1. #1
    SitePoint Member

    IS SOMEONE TRYING TO HACK MY BLOG - Help Me

    Hi,
    I have a WordPress blog and only I can log in. My blog is not a forum, just a simple fashion blog where I publish celebrity gossip daily. Today I was checking my blog stats and suddenly saw that someone is requesting the register, sign-up or login page and many more. I have taken screenshots of all the requests he/she made. I have attached a screenshot of the IP address that is trying to hack my blog. Please see the screenshot and help me. What do I do?
    blog stats.JPG
    Last edited by Force Flow; Mar 23, 2013 at 23:24. Reason: reduced text size

  2. #2
    Barefoot on the Moon! silver trophy
    Force Flow's Avatar
    Use your host's control panel or your main htaccess file to block IP addresses.

  3. #3
    SitePoint Member
    Thanks, this person is really trying to hack my login info

  4. #4
    SitePoint Mentor silver trophy
    Rubble's Avatar
    If you check your server logs there are people trying to hack into your website all day every day

    Although this person seems quite determined to get into yours for some reason.

  5. #5
    Robert Wellock silver trophybronze trophy xhtmlcoder's Avatar
    It's probably a Chinese spambot farm especially with the frequency and large list of generic register/login files it attempted to access. It's unlikely to be a human and likely the IP is already blacklisted on a spam database.
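
Added example (not part of any post in this thread): one way to check a server log for the pattern described above, a single client requesting many generic register/login files. It flags clients by the number of distinct login/registration-style paths that returned 404; the log lines, keyword list and threshold are constructed assumptions.

```python
import re
from collections import defaultdict

# Apache combined log format: ip ident user [time] "METHOD path proto" status ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)
# Assumed keywords for register / sign-up / login pages (not from the thread).
PROBE_RE = re.compile(r"log-?in|register|sign-?up", re.IGNORECASE)

def find_probers(lines, min_missing=3):
    """Map each client IP to the distinct login/registration-style paths it
    requested that do not exist on this site (HTTP 404), keeping only clients
    with at least `min_missing` such paths. Successful logins by the site
    owner (200/302) are therefore never counted."""
    missing = defaultdict(set)
    for line in lines:
        m = LINE_RE.match(line)
        if m is None:
            continue  # skip malformed lines rather than abort the scan
        path = m.group("path").split("?", 1)[0].lower()
        if m.group("status") == "404" and PROBE_RE.search(path):
            missing[m.group("ip")].add(path)
    return {ip: sorted(p) for ip, p in missing.items() if len(p) >= min_missing}

def deny_lines(probers):
    """Render flagged clients in the `deny from` form used in this thread."""
    return [f"deny from {ip}" for ip in sorted(probers)]

# Constructed sample log lines (documentation-range addresses, not real traffic).
_T = "[23/Mar/2013:10:01:02 +0000]"
SAMPLE_LOG = [
    f'203.0.113.7 - - {_T} "GET /register.php HTTP/1.1" 404 512 "-" "Mozilla/5.0"',
    f'203.0.113.7 - - {_T} "GET /signup.php HTTP/1.1" 404 512 "-" "Mozilla/5.0"',
    f'203.0.113.7 - - {_T} "GET /member/register HTTP/1.1" 404 512 "-" "Mozilla/5.0"',
    f'203.0.113.7 - - {_T} "GET /user/login?next=/ HTTP/1.1" 404 512 "-" "Mozilla/5.0"',
    f'203.0.113.7 - - {_T} "GET /wp-login.php HTTP/1.1" 200 2301 "-" "Mozilla/5.0"',
    f'198.51.100.20 - - {_T} "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    f'198.51.100.20 - - {_T} "GET /wp-admin/ HTTP/1.1" 200 9120 "-" "Mozilla/5.0"',
    f'192.0.2.44 - - {_T} "GET /2013/03/red-carpet/ HTTP/1.1" 200 18211 "-" "Mozilla/5.0"',
    f'192.0.2.44 - - {_T} "GET /login.php HTTP/1.1" 404 512 "-" "Mozilla/5.0"',
    "not a log line",
]

if __name__ == "__main__":
    flagged = find_probers(SAMPLE_LOG)
    print(flagged)
    print("\n".join(deny_lines(flagged)))
```

Counting only paths that returned 404 keeps the blog owner's own logins and a visitor's single mistyped URL out of the result.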

  6. #6
    Mouse catcher silver trophy
    Stevie D's Avatar
    Quote: Originally posted by Rubble
    "If you check your server logs there are people trying to hack into your website all day every day"
    I get loads of those bots trying to access the log-in page for all sorts of different CMS control panels ... they'll be lucky, I don't use a CMS!

  7. #7
    SitePoint Mentor silver trophy
    Rubble's Avatar
    Quote: "they'll be lucky, I don't use a CMS!"
    The same for me

  8. #8
    Community Advisor silver trophy

    It's worthwhile adding htaccess password authentication as an extra level of security to the WordPress admin directory. Also, when you install WordPress, it's best to allocate a custom directory for admin rather than the default.

  9. #9
    Robert Wellock silver trophybronze trophy xhtmlcoder's Avatar
    There are various ways you can block and deny an IP, but you would add something like the following to your .htaccess file. It might not be the best or most efficient method but should work.

    Code:
    # Apache 2.2-style access control: allow everyone, then deny the one address
    order allow,deny
    deny from 36.248.80.15
    allow from all

  10. #10
    Programming Team silver trophybronze trophy
    Mittineague's Avatar
    Blocking by IP is a chore and could possibly block legit viewers, i.e. even if you don't block ~39K IPs and block "ranges" instead, you'll still find yourself endlessly updating your htaccess file. Also keep in mind that Apache processes the htaccess file on every HTTP request, so you don't want it to be too large.

    Although you could still block the more troublesome IPs too, IMHO for post SPAM it's much better to use other methods such as CAPTCHA, flood control, word/phrase blacklisting, and checking for links.
    As for file access, keep files containing sensitive info outside of the webroot, make sure your folder/file permissions are set to be as restrictive as possible, and don't use the default structure/naming where you have the option to use a different one.

    I think if you do everything here you should be OK
    http://codex.wordpress.org/Hardening_WordPress

