If any of you have ever run a website or managed anything that faces the internet, then you probably know what kind of relentless pounding a site gets from hackers looking for a way in. This being a WordPress blog, it gets hit repeatedly. I guess I am lucky because I only get hit hundreds and not thousands of times a day.
They are widespread and sophisticated. I block any IP I detect trying to break into the site. It is certainly not perfect, but it at least keeps the pounding out of my stats. What is interesting is that the hackers will hit on a schedule. Three or so hits will occur within a few seconds from different IPs. Here is a sample from the error log (the target URL has been removed from the log).
[Mon May 27 11:18:23 2013] [error] [client 126.96.36.199] client denied by server configuration:
[Mon May 27 11:18:22 2013] [error] [client 188.8.131.52] client denied by server configuration:
[Mon May 27 11:18:22 2013] [error] [client 184.108.40.206] client denied by server configuration:
These three IP addresses reverse lookup to the following locations and DNS names:
United States: paulding.dreamhost.com
United States: server.rmmhost.net
I’m not at all sure what they are looking for (they are all trying to log in using the ADMIN account), but they are persistent. I have installed Better WP Security and followed most of its directions. It has good logging and good banning capabilities.
I don’t have anything to steal here, but I suppose I could be defaced or embarrassed. So I will continue to monitor and ban.
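The pattern described above (a few denied requests within seconds of each other from different IPs, recurring on a schedule) can be pulled out of the error log automatically. The following is an added example, not part of the original post: the log lines are constructed, with documentation-range addresses and a placeholder path, and the 5-second window and 3-client threshold are assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample in the same Apache error-log format as the post.
# Addresses are documentation ranges (RFC 5737); the path is a placeholder.
SAMPLE_LOG = """\
[Mon May 27 11:18:23 2013] [error] [client 203.0.113.45] client denied by server configuration: /var/www/wp-login.php
[Mon May 27 11:18:22 2013] [error] [client 198.51.100.7] client denied by server configuration: /var/www/wp-login.php
[Mon May 27 11:18:22 2013] [error] [client 192.0.2.10] client denied by server configuration: /var/www/wp-login.php
[Mon May 27 11:40:05 2013] [error] [client 192.0.2.10] client denied by server configuration: /var/www/wp-login.php
[Mon May 27 12:18:21 2013] [error] [client 198.51.100.99] client denied by server configuration: /var/www/wp-login.php
[Mon May 27 12:18:23 2013] [error] [client 203.0.113.45] client denied by server configuration: /var/www/wp-login.php
[Mon May 27 12:18:24 2013] [error] [client 192.0.2.200] client denied by server configuration: /var/www/wp-login.php
[Mon May 27 12:19:00 2013] [error] [client 192.0.2.10] File does not exist: /var/www/favicon.ico
"""

DENIED = re.compile(r"^\[(?P<ts>[^\]]+)\] \[error\] \[client (?P<ip>[^\]]+)\] "
                    r"client denied by server configuration:")

def parse_denied(text):
    """Return (timestamp, ip) for each 'client denied' line, oldest first."""
    events = []
    for line in text.splitlines():
        m = DENIED.match(line)
        if m:
            ts = datetime.strptime(m["ts"], "%a %b %d %H:%M:%S %Y")
            events.append((ts, m["ip"]))
    return sorted(events)  # the log is not guaranteed to be in time order

def find_bursts(events, window=timedelta(seconds=5), min_ips=3):
    """Group events within `window` of a group's first hit; keep groups
    with at least `min_ips` distinct clients (both thresholds assumed)."""
    bursts, current = [], []
    for event in events + [(datetime.max, None)]:  # sentinel flushes last group
        if current and event[0] - current[0][0] > window:
            if len({ip for _, ip in current}) >= min_ips:
                bursts.append(current)
            current = []
        current.append(event)
    return bursts

def burst_intervals(bursts):
    """Time between the starts of consecutive bursts (the 'schedule')."""
    starts = [b[0][0] for b in bursts]
    return [later - earlier for earlier, later in zip(starts, starts[1:])]

if __name__ == "__main__":
    bursts = find_bursts(parse_denied(SAMPLE_LOG))
    for b in bursts:
        print(b[0][0], sorted({ip for _, ip in b}))
    print("intervals:", burst_intervals(bursts))
```

A steady interval between bursts points to a single scheduler driving many hosts, which is why banning one address at a time only goes so far.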