I was looking to make some changes to our team website and found that it had 4669 lockouts in its history. We only have 6 users. Most of the IPs were in Korea, Latvia, Ukraine, etc., and were presumably proxies. Has something similar happened to anyone else? Our website is still fine by the way, but this shows the importance of having good passwords for administrators and not having “admin” or “test” be an administrator account. That was a popular guess by the would-be hackers. Well, I’m not sure if that’s considered hacking technically. Anyway, has that happened to you guys?
Yes. Twice now. You may not even realize it sometimes. They sometimes just add in header elements to your pages or make things not visible on the page but will still do ad loads to make them money while you are none the wiser. It did make some old posts jump up in the history though which tipped me off.
We use Word Press and I set up some new users that never logged in to ridiculously easy dictionary based passwords.
Recommendations for WordPress folks:
- Back up your site fairly regularly - front end and DB end, know how to restore or recreate your site. You can re-apply a certain set of content yourself.
- Strong passwords - no dictionary words. One number and one symbol minimum
- Keep up on the patches to WordPress, plugins, and MySQL
- Go through various tricks to try and lock down admin access (IP filters, htaccess, etc)
- Trim the users that don’t log in ever. If they realize it’s gone just add them again. This gives fewer places to exploit
- Add in Audit Trail plugin on WordPress to view activity and see what is happening
- Lock down Word Press using the normal tricks like DB prefix on table names, lock down Unix directory permissions, etc. Google it and you will find a bunch of tips