I have a WordPress site and now and again get warnings that someone has tried to hack the site. Should I do anything to report the IP address?
Thanks
Martin
Of course yes, the hacker could also be trying to hack other websites from that host.
IMHO, it could be just typical worms that are spread all over the net… scanning etc… so I would not bother.
Don't you think your host will notice if your site is being hacked?
I have a hosting service; I sell hosting packages to customers. I sometimes get mails from my hoster that sites have been hacked, and they demand I take measures and inform my customers about the problem.
Then we keep in contact till the problem is over.
It's bad for me, the customer and for the hosting company.
So I think some action from the hoster is OK too.
I think you should report the hack to the hosting company; this gives them an opportunity to review their security measures by better understanding how your application was compromised. Normally it will be your responsibility to clean up the security hole in your application, however it may also be on the host. So report it.
Thank you for replying and I’m sorry that I didn’t respond earlier.
I don’t have a problem with my site. I only know what is happening because I have some WP plugins that send out warnings. Sometimes I get a slew of alerts and I just ignore them and presume they are bots. Now and again I get an alert that my admin is locked down because of failed attempts to log in. The alert says that the attempt was on username admin and I guess this is a more determined attempt at hacking my site. I don’t have a user called admin of course, but it concerns me that someone has had a go.
When the alerts come to my email I get an ISP that I can track to a host. I try to find an email address to write to but I’ve never heard anything back. So should I bother?
Thanks
Martin
Your webhost provider should have a problem or troubleshooting location for you to report to. On the one hand you probably do not need to report the issue. It is still good to. More than once in medium-size organizations I have gone with a "hey, we need to", but without the ticket numbers to back me up, it gets sidelined. Not saying that is the case here, but it doesn’t hurt.
You can contact your host, sending them a copy of the log or the actions the would-be hacker attempted; web logs are good in this case to establish timeframe and domain of exploiter (it may be through a proxy, so the domain/IP will lead to a dead end). If enough complaints are registered with your ISP against domains then they can filter them out. It depends on how thorough your ISP is, but it is still worth doing, even if you can’t track down where the hackers came from.
Steve
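An added example, not part of any post in this thread: one way to pull the timeframe and attempt count per IP out of a web access log before sending it to a host or adding a deny rule. It assumes Apache/Nginx "combined" log format and uses constructed sample lines with documentation-range IPs; the function names and the threshold are illustrative.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample lines in "combined" log format (documentation-range IPs).
SAMPLE_LOG = """\
203.0.113.7 - - [12/Mar/2013:04:10:01 +0000] "POST /wp-login.php HTTP/1.1" 200 3120 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Mar/2013:04:10:03 +0000] "POST /wp-login.php HTTP/1.1" 200 3120 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Mar/2013:04:10:06 +0000] "POST /wp-login.php HTTP/1.1" 200 3120 "-" "Mozilla/5.0"
198.51.100.20 - - [12/Mar/2013:09:30:00 +0000] "GET /wp-login.php HTTP/1.1" 200 2800 "-" "Mozilla/5.0"
198.51.100.20 - - [12/Mar/2013:09:30:12 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
192.0.2.55 - - [12/Mar/2013:10:00:00 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
this line is malformed and must be skipped
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) ')

def failed_logins(log_text, threshold=3):
    """Return {ip: (count, first_seen, last_seen)} for IPs at or over threshold.

    Heuristic (assumption): WordPress redisplays the login form with HTTP 200
    after a bad password and redirects with 302 after a good one, so a POST to
    wp-login.php answered with 200 is counted as a failed attempt.
    """
    seen = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined format
        path = m["path"].split("?", 1)[0]  # ignore any query string
        if (m["method"] == "POST" and path.endswith("/wp-login.php")
                and m["status"] == "200"):
            seen[m["ip"]].append(
                datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z"))
    return {ip: (len(t), min(t), max(t))
            for ip, t in seen.items() if len(t) >= threshold}

def report_lines(hits):
    """One line per IP, keeping the log's own UTC offset, for an abuse report."""
    return [f"{ip} {n} failed logins between {a.isoformat()} and {b.isoformat()}"
            for ip, (n, a, b) in sorted(hits.items())]

if __name__ == "__main__":
    print("\n".join(report_lines(failed_logins(SAMPLE_LOG))))
```

The single successful login from 198.51.100.20 and the ordinary page view are not reported; only the address with repeated failed POSTs is.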
Thanks
When I get an alert it comes with an IP. I try to use that to track down the host and tell them. I’ve never told my own host but will in the future. I’m not expecting much or anything to be done but I imagine that someone who tries repeatedly to log in to my site using admin as the user is up to no good! I bet if they got in it would cause me a lot more grief than trying to track down an email!
Thanks again
Martin
Just to follow up on this, here’s a typical alert from the WP Security plug in:
This notice is to inform you that someone at IP address 83.103.119.239 tried to login to your site “PictoPoetry” and failed.
The targeted username was admin
The IP address has been blocked for 60minutes.
So obviously my site is still safe for now and I have an IP address where the threat came from. All I can do is track down the host for that IP and tell them. But should I pass this to my host?
Thanks
Martin
Yes, you should let them know that someone from their network is trying unauthorized access, maybe brute force (due to the lockout after several repeated tries). Your ISP should let you know if they want to hear about these sorts of attacks.
Steve
By all means give it a try and report them, but I’m pretty sure it will be either a machine that is part of a botnet and scanning other machines without their knowledge or one of the automatic scanners included in malware such as Zeus, crimeware etc.
Use a firewall in combination with mod_security such as CSF to help with such attacks.
Edit: if you are in fact on shared hosting I would get yourself a dedicated IP and take some basic security procedures for your WordPress installation; block off the wp-admin in all cases.
Yeah I mean, you don’t want the guy hacking other people’s sites, so I think you should really take that into consideration when deciding if you want to report him.
OK, so I’m back again with this.
I told my host about the problem. Their reply was laissez-faire, “The likelihood is that these attacks are automated so there’s very little you can do. Good practice is to have strong passwords and to keep up to date with your plug-ins and themes.”
I think now that I will use cPanel deny IP and block the IPs from any of the alerts I get from my WordPress plugins. Sometimes I get up to 30 or 40 alerts with the same IP indicated and I guess they are just automated attempts at something nasty. Less often, I get an alert that the admin area is locked down after an attempt at logging in under the username admin. I think I will put these in the cPanel deny IP thing.
Is it a good idea to use cPanel to block IPs or should I just ignore these things? I will stress that my site is OK.
What I don’t like is the fact that these people are out to cause mischief but it seems that there is nothing to be done about it (apart from the security stuff). It feels a bit like having a burglar sniffing around your windows and doors and the police not being interested until they break in.
Martin
I hope your problem will be over now.
Do you have root access to the server? If yes, you can easily block an IP or IP range using a firewall (iptables, CSF, APF etc…)
If you are with shared hosting, it is better to report the incident to your webhost.