1,023 blocked malicious login attempts. Who trying to steal my blog? Any advises?
-
My new blog growing up fast and I'm about the break the Alexa million and I discovered 1,023 blocked malicious login attempts today. I'm really got scared when I saw this number. I'm using WordPress, any advises?
-
There will definitely be cases out there like you described, Massimiliano. It's a wild world out there. We can only do so much to protect ourselves.
-
Honestly, I would strongly suggest to avoid blocking traffic on a geographic basis, these days you never know where traffic will come from and why.
User sitting in the building next to yours but accessing internet from a corporate network may appear as connecting from China.
Legit bot from services you are paying for may appear as crawling from Sweden, and other legit bot you don't even know about but which let you reach additional audience may appear as connecting from the other side of the world.
Blocking traffic is positively dangerous, the only case where I would consider it a good decision is when blocking blacklisted ips, and even this case I would suggest to secure the blacklist is updated regularly to avoid blocking false positive.
-
Eslam - Many great suggestions here of the things you can do right now to help you with these hack attempts. One thing I'd like to add is that we use a service/plugin called Sucuri. We've had good luck with it so far. You can learn more about them here: http://sucuri.net/
Regarding the approach of blocking traffic from other countries, my thought is this. Does traffic from those countries bring any value to you and do you give value to those visitors? If you answer no to this question, then why not block it? For example, a local pizza shop's website in Portland, Oregon probably doesn't care bout web traffic from Lithuania and vice versa.
-
Bulletproof Security is great and has many features to blocking such attempts and making it harder for those scripts that are just constantly scanning for the usual vulnerabilities.
-
theres a wordpress plugin you can use that limits the number of login attempts (I used to use it but I forgot the name of it)
-
Instructions here: https://wordpress.org/support/topic/how-to-change-from-wp-loginphp-to-login
-
It's won't type my password there really. I don't know ...
-
I don't think it's easy to change it because there PHP complicated things that I don't know about. But, I will search for a trusted plugin or something like that. Seems like a good solution.
-
I don't know, it's a very abuse thing to ban traffic from a country. If you are saying these attacks are automated so they are not humans?
-
I've. But, do you think it's enough. I'm talking about that I'm talking with you right now and there's someone right there trying to steal my thing. Hard feeling really.
-
I agree with Massimillano here.
Three things you should do for all common CMS systems (WP, Joomla, ect..)
First change the admin directory to something else. When doing this you likely have to edit configuration files to point to the new location which is pretty simple.
Second protect admin directory with .htaccess & .htpasswd. There is a nice generator I have used on some of my sites in the past here.
Third create a honeypot / auto IP ban for malicious crawlers or script kiddies. There are several plugins for this if you search the keywords honeypot + cms.
-
Change the name of the login page, I mean in addition to having a strong password of course.
Those automated scripts look first for the known wp login page if they don't find it the will give up, if they do they will keep trying forever and ever, an unecessary load for your servers.
-
This is a very common thing. Most of these attacks are automated, coming from China or Eastern Europe. You may consider banning traffic from those countries all together if it's not relevant to you. Change the default admin user name to something else. And do as EGOL recommended - set a really strong password. And then change that password every few months.
-
Make a really strong password.
Got a burning SEO question?
Subscribe to Moz Pro to gain full access to Q&A, answer questions, and ask your own.
Browse Questions
Explore more categories
-
Moz Tools
Chat with the community about the Moz tools.
-
SEO Tactics
Discuss the SEO process with fellow marketers
-
Community
Discuss industry events, jobs, and news!
-
Digital Marketing
Chat about tactics outside of SEO
-
Research & Trends
Dive into research and trends in the search industry.
-
Support
Connect on product support and feature requests.
Related Questions
-
Blog hasn't ranked since reposting.
Hey Moz fam! I had a blog that was doing pretty well for the target keyword. Unfortunately, to make a long story short, we had an image in it we weren't supposed to so I unpublished it for a few days while we got that sorted out. Since republishing (with all the same content) it has not gotten a single impression. I inspected the URL and it is totally eligible but nothing in the way of organic traffic. Any ideas on how I can recover?
Content Development | | danieldaher1 -
Internal blog with history and some SEO value versus new external blogs with specialized content?
We operate a blog inside a folder on our site and considering the launch of 4 highly focused blogs with specialized content which are now categories on the internal blog. Wondering if there is more value in using the external new blogs or just keep growing the internal blog content. Does fact that the internal blog is buried amongst millions of pages have any impact if we want the content indexed and value given to the links from the blog content to our main site pages.
Content Development | | CondoRich0 -
Reviving a (very) old blog - is it worth shifting the content onto a new blog?
I look after a few ecommerce sites, one of them doesn't currently have a blog, we are setting up a wordpress blog now for the site. Going way back in time the site did have a blog which was on a separate Typepad domain. What I'm wondering is whether it is worth redirecting this whole blog to the new blog section of the site and copying some of the content over to the new blog as historical posts? I don't think it will be possible to redirect each individual post to a new one so it will just be a straight redirect of the old blog domain to the new one with the same (most of anyway) content. Do you think it is worth doing this for the value of this content which is relevant but dated (many of the links are now expired)? Doing this will take some time to do so it's not 'free' content we'd be getting We have a lot of new content planned out so we won't be short of content, just would be nice to have some historical content on there too Thanks
Content Development | | PeterLeatherland0 -
Why did Moz remove thumbs down from blog posts?
You may have already noticed one of the decisions we made when we redesigned the Moz Blog:
Content Development | | Trevor-Klein
We removed thumbs down from the posts. And it was largely in the name of transparency. Wait, HUH? You took away a method of critique, and you're calling that transparent? Yes. Here's the scoop: Thumbs down are one of the most cryptic, uninformative, and often passive-aggressive forms of feedback on the Internet today. By removing the mud from the water, we make the entire picture clearer. It's so easy to see a handful of thumbs down on a post (we would almost always get 1-2), and begin hypothesizing what went wrong. We shouldn't have published that one. The topic was too tangentially relevant; it was too long or too hard to follow. There wasn't enough evidence to support the claims. We could dive into analytics, attempting to glean clues about what happened, but in reality, any one of the following are reasons someone might thumb a post down: The title is confusing The topic is one that I'd like to deny exists (algo update, e.g.) The milk I poured on my cereal this morning had gone bad, and I need to take out this frustration somehow I once had a falling-out with the author of this post I still have a bad taste in my mouth about yesterday's post, which is skewing my thoughts about this one I found one of the comments offensive My finger slipped on my phone while I was trying to thumb this post up (we've confirmed this happens) I didn't like the author's self-promotion in this post I saw the new Star Wars trailer, and am terrified that Disney might think including Jar Jar's long-lost brother in the new film is a good idea. I hate everything right now. Okay, the last one might be a stretch. But you get the idea. Sometimes a post would receive a disproportionate amount of thumbs down simply because the author was proposing an idea that wasn't popular, no matter its importance. One great example: Carson Ward wrote a fabulous post in 2012 titled "Guest Blogging – Enough is Enough," divining what Matt Cutts would write about nearly 17 months later. The response? 45 thumbs down – one of the most maligned posts in the history of the Moz Blog. Authors have emailed us in a tizzy, asking if their thumbs down meant they weren't quite right for the Moz audience, and in replying to them we came to this overarching realization: We didn't know why they got thumbs down, and we couldn't find out with any certainty, but more often than not it just didn't really matter. We were confident in their points and their presentation, and real criticism would nearly always show up in the comments. All that said, we love it when people offer up constructive criticism. We always take it to heart, and hearing directly from you all is the best way we can improve. For that reason among many others, we'll always have the comments below the post. If you feel like a post wasn't up to snuff, please take a moment and tell us why in those threads (please keep it TAGFEE). One last note: Thumbs down remain available on comments, though that's a temporary stop-gap while we work on a more informative system for flagging comments that are offensive, or facepalm-worthy attempts at links (they're nofollowed anyway!), or otherwise inappropriate for our community. We'd love your questions or comments on this change, and hope you're enjoying the new look of the Moz and YouMoz blogs!11 -
My New blog has NO content since 2 months, the day it was launch, What to DO? Is it "DEAD"???
2 months ago, I publish a NEW blog, http://www.mervrating.org The blog has only 3 posts. I don't have much time to work on it. Does it HURT my SEO? Can I start working on it on regular basis and try to built authority or does it looks "dead" to search engine? I would like to bring it alive and give it a second chance, will it be hard if it has no content since the beginning? What is your opinions? Thank you, BigBlaze
Content Development | | BigBlaze2050 -
What happens if use PR release as a guest blog article?
What happens if use a PR release as a guest blog article on someone else blog as we want to distribute PR as many places as possible? Thanks
Content Development | | Rubix0 -
Short blog post or Long Blog post, Which works better?
I was thinking, that SEOmoz or other technical SEO blog writes long blog post which cracks my interest when i start reading few lines of the blog post. My mind speak, Wooo! so boring.In SEO what will be best post long or Short? Thanks
Content Development | | tapankumar0 -
Harder and harder to get articles approved on My Blog Guest
Hi People, So I got a My Blog Guest account (paid) and have now for a while, I do back the service as its a great system and works well BUT mods are making it very hard work. I put up around 20 articles a month on this site which costs me £300+ to have produced by a professional copywriter and the standard is very high, I get feedback from bloggers commenting on how good the articles are because of the quality of the content (articles are 500 - 550 words). So all I ask in return is 1 link in the body and 1 link in the byline. I ask the copy writer to put a particular keyword somewhere in the content where it best fits, if its a top 5/top 10 article the keyword sometimes fits best in the first few paragraphs before it flows into the list. This is where the problem is: Now these articles are good, they have to be as there for a company with products in major high street retail stores so quality is not an issue. If I put the link in the first paragraph I get these kind of responses: "Linking from opening paragraph is rude to say at least" If I put the link in the second paragraph I get these kind of responses: "Please move your body link to the bottom of the article or better the byline" "The normal procedure is to Hide articles with links in the first few paragraphs like this one...Please edit to put the link in the second half of the article" "Links should be in the second half of the post" Then the articles are taken down until I do what they say! It's my article I can put the link where I want its up to the blog owner whether they want it or not, its not the content you want to administrate its the quality of the blogs, I got users private emailing me asking me to buy links, I've got users applying for articles where there using blogspot and wordpress free sites with content scrapped from the web. I think they got bigger problems then a link in the second paragraph and not the third.
Content Development | | activitysuper0