So today I was working hard on stopping a brute force attack that has been going on since last night. I know there is no possible way that they would brute force my password as is by just typing it in. The password is 18 chars and generated by PWGen. Like the following.
So whoever has been working on breaking in, they have been trying 3 passwords at a time, then their IP gets blocked for 3 months. They have to try another IP and get 3 more tries. Funny thing is they aren’t even close on the usernames. They have been trying admin and hanlonsystemsolutions. So after about 8 hours of them trying, I finally decided I should do something to fix it.
Today I have been working on getting it secured. So the first thing I tried was to change the .htaccess file. This worked for a little bit. I blocked all access from everyone to the wp-admin folder on the server. But a couple of hours later they figured out a workaround. Great! Now it is time for a challenge!
Next I started searching for a way to use my current server as a firewall. Umm, well, the server was already configured to block logins from all countries except specified IPs. So that’s safe, and I have seen some activity there. But not like this. Now let's see what we can do with the built-in WordPress… NOTHING.
Now download an add-on or two. Look for prices on firewalls. Now that I have settled on one, I have blocked all IPs except my IP from accessing the system. Great! Maybe in a couple of days I will let you know what I did. But now there are no login attempts from anywhere. I believe the site is fully secured now! Feel so much better about it haha, even though they would be working for years to figure out the password.
Til next time.