
Thread: A good reason not to use Wordpress

  1. #1

    Join Date
    Nov 2014
    Location
    Durham, Co Durham
    Posts
    3,157

    A good reason not to use Wordpress

    I have a WordPress blog on my server. Most of the time it just sits there not doing much. Fine. But lately the server has been slowing down noticeably.

    The reason for this is bots from all over the world trying to exploit XMLRPC calls. While it's not unique to WordPress sites, they're a ripe target for this kind of attack.

    So, you say, you keep your WordPress up to date along with all the plugins, but these hack attempts eat bandwidth you could be using to serve your site to customers.

    I've had a fail2ban system set up for a while to try & nip this in the bud but the bots still keep coming & slowing down the server. They're mostly from Eastern Europe, China & Russia. It's got to the point where I'm considering taking the blog down so I'm no longer a target.

    Any thoughts? Over to you...

  2. #2
    SC Events
    Join Date
    May 2008
    Location
    Nuneaton, Warwickshire
    Age
    33
    Posts
    2,810


    My first thought would be to change server, as surely it's the server's firewall letting these bots in?
    Scott.



    SC Events | Facebook

    Professional Conference & AV Services, Corporate Entertainment, Equipment Hire and DJs

  3. #3

    Join Date
    Nov 2014
    Location
    Durham, Co Durham
    Posts
    3,157


    fail2ban is being used in conjunction with the server's firewall.

    If a client makes too many incorrect requests it gets banned.
    Three strikes & they're out!

    Hunky dory, except when the remote bots hammer the system for up to half an hour with thousands of requests per minute. It's not quite a DDoS attack but makes things lag badly.

    If I'm to keep the blog I think it has to move.

    Or I could just try a new firewall rule...

    And all this is ignoring the sheer volume of bots trying to get in as root, access stuff which I don't even have like cpanel, phpmyadmin...
    Last edited by Nakatomi; 23-04-2015 at 10:58 AM.

  4. #4

    Join Date
    Feb 2014
    Location
    Rotherham
    Age
    55
    Posts
    375


    Quote Originally Posted by SC Events View Post
    My first thought would be to change server, as surely it's the server's firewall letting these bots in?
    It's actually quite difficult to correctly identify a bot. There is a good chance that they are sending a valid useragent string, identifying it as valid IE/Chrome etc.

    Potentially you could block the IP address as each request comes in, but from experience, IPs are probably fake and keep changing, so it would be an endless attack.


    Again, some bots you wish to allow access, google/bing etc

  5. #5

    Join Date
    Nov 2014
    Location
    Durham, Co Durham
    Posts
    3,157


    Quote Originally Posted by fullcontact68 View Post
    It's actually quite difficult to correctly identify a bot. There is a good chance that they are sending a valid useragent string, identifying it as valid IE/Chrome etc.

    Potentially you could block the IP address as each request comes in, but from experience, IPs are probably fake and keep changing, so it would be an endless attack.


    Again, some bots you wish to allow access, google/bing etc

    For most of the traffic my server sees it's actually very easy to spot the evil bots looking for holes. Xmlrpc ones are a dead giveaway, as are ones looking for phpmyadmin, CGI exploits etc.

    All the repeated access attempts come from the same IP address. I block them after 3 attempts but they still keep trying which eats bandwidth. Then the next one comes along using a different IP...

    I still compile abuse reports & send them to ISPs, but a fat lot of good that does.

    It's not until you have your own internet-facing server that you realise what a scummy place it is out there. My server is nothing & yet has to cope with dictionary password attacks over SSH, FTP... all day, every day. All just to make my server a cog in their nefarious machine.
    Last edited by Nakatomi; 23-04-2015 at 11:11 AM.

  6. #6
    Web Guru Marc J
    Join Date
    Feb 2007
    Location
    Edinburgh
    Posts
    3,340


    Give one or all of the following a shot:

    1) Cloudflare. Very good at stopping bots. I sometimes take the extra step of restricting admin access to UK IP addresses as well....stops most nasties in their tracks at the first hurdle! You can even restrict access by country to the front-end, if you really wanted to...

    2) Stealth Login Page (WP Plugin) - adds a secret key (so admin needs username, password & key) and kicks to wherever you want if it's wrong.

    3) Limit Login Attempts (WP Plugin) - does what it says on the tin.

    4) Get a decent host

    And remember, keep things up to date, and turn auto-update on in WP.

  7. #7
    Web Guru Marc J
    Join Date
    Feb 2007
    Location
    Edinburgh
    Posts
    3,340


    And if you know you don't want or need XML-RPC at all, disable it completely: https://cm.org.uk/wordpress/how-to-p...ingback-abuse/

    I'd personally use the .htaccess method...
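The thread's two defensive ideas, the fail2ban "three strikes" rule from post #3 and singling out POSTs to xmlrpc.php from post #7, combined into one small log detector. This is an added example, not code from the thread or from fail2ban; the Apache combined-log lines and the IPs in it are constructed, and `maxretry`/`findtime` are named after the fail2ban settings they imitate.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Apache combined log format: client IP, timestamp, request line, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)
# The same match a fail2ban failregex would make: a POST aimed at xmlrpc.php
# with any query string (bots often append one to dodge naive filters).
XMLRPC_RE = re.compile(r'^/xmlrpc\.php(\?.*)?$')

def parse_line(line):
    """Return (ip, timestamp, method, path) or None for lines that don't parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group('ts'), '%d/%b/%Y:%H:%M:%S %z')
    return m.group('ip'), ts, m.group('method'), m.group('path')

def find_offenders(lines, maxretry=3, findtime=timedelta(seconds=60)):
    """Map IP -> total xmlrpc POSTs for every IP that made at least `maxretry`
    of them inside any `findtime` window (fail2ban's maxretry/findtime idea)."""
    hits = defaultdict(list)
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ip, ts, method, path = parsed
        if method == 'POST' and XMLRPC_RE.match(path):
            hits[ip].append(ts)
    offenders = {}
    for ip, stamps in hits.items():
        stamps.sort()
        start = 0                      # sliding window over sorted timestamps
        for end in range(len(stamps)):
            while stamps[end] - stamps[start] > findtime:
                start += 1
            if end - start + 1 >= maxretry:
                offenders[ip] = len(stamps)
                break
    return offenders

# Constructed sample: one IP bursts three POSTs in three seconds (banned);
# another spreads three POSTs over twelve minutes plus a normal GET (left alone).
SAMPLE_LOG = """\
203.0.113.7 - - [23/Apr/2015:12:01:03 +0100] "POST /xmlrpc.php HTTP/1.1" 200 370 "-" "Mozilla/5.0"
203.0.113.7 - - [23/Apr/2015:12:01:04 +0100] "POST /xmlrpc.php?x=1 HTTP/1.1" 200 370 "-" "Mozilla/5.0"
203.0.113.7 - - [23/Apr/2015:12:01:05 +0100] "POST /xmlrpc.php HTTP/1.1" 200 370 "-" "Mozilla/5.0"
198.51.100.9 - - [23/Apr/2015:12:02:10 +0100] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.9 - - [23/Apr/2015:12:03:11 +0100] "POST /xmlrpc.php HTTP/1.1" 200 370 "-" "Mozilla/5.0"
198.51.100.9 - - [23/Apr/2015:12:09:11 +0100] "POST /xmlrpc.php HTTP/1.1" 200 370 "-" "Mozilla/5.0"
198.51.100.9 - - [23/Apr/2015:12:15:11 +0100] "POST /xmlrpc.php HTTP/1.1" 200 370 "-" "Mozilla/5.0"
"""

if __name__ == '__main__':
    print(find_offenders(SAMPLE_LOG.splitlines()))
```

With the .htaccess block from post #7 in place the same POSTs would log as 403s, so the detector should match on the request line rather than the status code, as it does here.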

  8. #8

    Join Date
    Nov 2014
    Location
    Durham, Co Durham
    Posts
    3,157


    No, this is a load of bots hammering my server trying to do xmlrpc calls with a post method. I counted over a thousand in a minute at lunchtime.

    Thankfully the server host got on top of it for me & blocked them. The server firewall wasn't working because the IP addresses were spoofed.

    As for a 'better' host, if I'd gone for just single hosting I'd be filtered by them already. But me being a cheapskate... Hosting 3 sites for less than a tenner with the option to host even more. It doesn't take that much looking after.

  9. #9

    Join Date
    Nov 2014
    Location
    Durham, Co Durham
    Posts
    3,157


    Quote Originally Posted by Marc J View Post
    And if you know you don't want or need XML-RPC at all, disable it completely: https://cm.org.uk/wordpress/how-to-p...ingback-abuse/

    I'd personally use the .htaccess method...
    Problem is it won't stop these idiots trying. Much more of this lark & I'm signing up for cloudflare. I didn't even know about that, so thanks!
