Web Site Security
Posted by Barry Rowlingson on May 31, 2013
I've installed fail2ban on the web server to ban IP addresses from patterns in the web server log files.
So now, if you are using something that identifies as "Firefox/19" and you try and log in to wordpress then your IP address will get blocked for ten minutes.
This will not affect regular users (unless they stupidly go to wp-login.php AND are using that browser).
This pattern is catching the current attacks, but I'll keep an eye on things for variations. This blocks them at the network address level so they shouldn't get through to the WordPress security, which should mean fewer annoying messages for Jo. If these messages start flooding again then the attack signature has changed and I'll modify the pattern. This attack looked distributed (over 1000 hosts accessing wp-login in the past few days) and was probably hammering as many WP systems as it could find over a giant botnet.
[I've also added a link to the timetable in one of the widget boxes on the front page.]
So now, if you are using something that identifies as "Firefox/19" and you try and log in to wordpress then your IP address will get blocked for ten minutes.
This will not affect regular users (unless they stupidly go to wp-login.php AND are using that browser).
This pattern is catching the current attacks, but I'll keep an eye on things for variations. This blocks them at the network address level so they shouldn't get through to the WordPress security, which should mean fewer annoying messages for Jo. If these messages start flooding again then the attack signature has changed and I'll modify the pattern. This attack looked distributed (over 1000 hosts accessing wp-login in the past few days) and was probably hammering as many WP systems as it could find over a giant botnet.
[I've also added a link to the timetable in one of the widget boxes on the front page.]
Comments
Steven Feldman on May 31, 2013:
Rollo Home on May 31, 2013: