WP Tavern Forums Create Topic

djsteveb

The IP Geo Block plugin (https://wordpress.org/plugins/ip-geo-block/) has updated logging of many attacks by country – even blocking attacks and logging scans / attempted access to the plugins folder, and options to turn on and off other countries' access to admin ajax, comments, logins.
(Older versions had logging ability but it was turned off by default upon install; newer installs, I think, turn on logging for some events and leave others optional.)

Sucuri has some good logs for showing failed login attempts (and changes to wp-files, posts, plugins) – it even shows the multiple fails that Limit Login Attempts doesn’t see.

I’m guessing many use the Limit Login Attempts plugin, which may show 4 attempted logins from a now blocked IP addy – but it’s missing the 96 other attempts / fails that were made by the same when the method is xmlrpc.

Currently I just disable xmlrpc with “Simple Security Firewall” (in the WP repo; too many links and Akismet puts you in never-to-be-seen-again-land).

On one domain name that has never had a WordPress on it I set a script to log all IPs that tried GET and POST to xmlrpc (and that domain / site / server folder never had a file there before) – it’s amazing how many GETs and POSTs to that there are in raw access logs.

Long story shorter – I don’t have as good of a way to log those xmlrpc requests at the moment, and most of my WP sites have it disabled now, finally.

I started to engage this plugin developer (https://wordpress.org/support/topic/add-option-to-export-text-file) about modding his code to output this info to a readable file instead of just to an iptables apache file.

(I’m trying to log all of the failed attempts to login from the US, do a whois lookup to determine if it’s a server company or home computer network, save additional fields that are needed for AWS abuse complaints, stuff like that. Been too busy to follow up with those suggestions there, need to get on that.)

Anyhow, spam be number one exploit attempt ‘by the numbers’ currently – and even though there was a version of WP where comments had a known security vulnerability and that was a big issue then, from all of the hacked sites I’ve seen, it’s just finding one on a server with a plugin or theme or some other hole, get in, and own it – they can (and do) whatever they want with your site and other files on other sites on the same server.

It is not “low hanging fruit”, it is “a LOT of fruit- not so high hanging”..

PS – the Akismet comment – after using it for years I had to do a complete wipe / reinstall of a site – fresh database and latest Akismet – entered my old key and was told that I need to upgrade – so Akismet stopped working for me, deleted it (hope it does not auto-reinstall with future WP updates, and how the whole privacy of Euro visitors that comment and have them routed.. another tangent..)

Anyhow, I have found the WP Spam Shield plugin in the repo to be pretty solid for comment spam, and have not gotten any emails about comments posted that never made it out of moderation (not that I had THAT many with Akismet in the past, but have had some users email about comments that were falsely flagged and hidden from my normal view more than a dozen times).
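
An added example, not part of djsteveb's post and not code from any plugin named in it: one way to tally GET and POST requests to xmlrpc.php per client IP from raw access logs and write them out as readable text. It assumes Apache "combined" log format; the sample lines and function names are constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Constructed sample lines in Apache "combined" log format (not real traffic;
# the client addresses are RFC 5737 documentation ranges).
SAMPLE_LOG = """\
192.0.2.10 - - [12/Mar/2018:04:11:02 +0000] "POST /xmlrpc.php HTTP/1.1" 404 209 "-" "Mozilla/5.0"
192.0.2.10 - - [12/Mar/2018:04:11:03 +0000] "POST /xmlrpc.php HTTP/1.1" 404 209 "-" "Mozilla/5.0"
198.51.100.7 - - [12/Mar/2018:04:12:40 +0000] "GET /xmlrpc.php?rsd HTTP/1.1" 404 209 "-" "curl/7.58.0"
203.0.113.5 - - [12/Mar/2018:04:13:00 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"
192.0.2.10 - - [12/Mar/2018:04:13:09 +0000] "GET //xmlrpc.php HTTP/1.1" 404 209 "-" "Mozilla/5.0"
203.0.113.5 - - [12/Mar/2018:04:14:00 +0000] "GET /docs/xmlrpc.php.txt HTTP/1.1" 404 209 "-" "Mozilla/5.0"
not a log line
"""

# client IP, identd, user, [timestamp], "METHOD target protocol", status
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" \d{3} '
)

def is_xmlrpc(target):
    """True when the request path (query string removed) ends in /xmlrpc.php."""
    path = target.split("?", 1)[0].split("#", 1)[0]
    return path.lower().endswith("/xmlrpc.php")

def tally_xmlrpc(lines):
    """Return {ip: {method: hits}} for GET/POST requests to xmlrpc.php."""
    hits = defaultdict(Counter)
    for line in lines:
        m = LINE_RE.match(line)  # malformed lines simply do not match
        if m and m["method"] in ("GET", "POST") and is_xmlrpc(m["target"]):
            hits[m["ip"]][m["method"]] += 1
    return {ip: dict(counts) for ip, counts in hits.items()}

def report(hits):
    """Readable tab-separated lines, busiest client first."""
    rows = sorted(hits.items(), key=lambda kv: (-sum(kv[1].values()), kv[0]))
    return [f"{ip}\tGET={c.get('GET', 0)}\tPOST={c.get('POST', 0)}" for ip, c in rows]

if __name__ == "__main__":
    print("\n".join(report(tally_xmlrpc(SAMPLE_LOG.splitlines()))))
```

To run it over a real log, pass an open file object to `tally_xmlrpc` in place of the sample lines.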





