Some people will have noticed that some of the websites that I look after have been under attack this week. Naughty people are trying to gain control of a load of web servers and mine has been one of the many targeted.
What has been happening is that someone has had the great idea of trying to crack as many WordPress sites as possible using a brute force attack. That means setting computers up to try to log in to a site automatically, using a computer program to try as many different password combinations as possible. The same technique was a feature in the film War Games of some years ago – the computer in question being the one which controlled US missiles. My computers have slightly less power.
People do this to gain control of servers so they can do naughty things like use them to send out lots of spam all at once. (Ever wondered where it came from?)
The consequence for my readers this week is that at some times, my websites have been showing up in various security systems (Norton, AVG) as infected and this meant that people couldn’t get access to the sites whilst this protection was in use.
I think I’ve nipped it all in the bud.
For anyone experiencing the same trouble, here’s some of what you can do to help.
- Change the password combination on your server.
- Change the password combination on your blog/WordPress installation.
- Install a plugin like Anti-Malware and use it to scan and remove malicious code that has been injected into your site.
- Install a plugin like Better WP Security and work through what it recommends. At the very least, make sure you don’t have your administrator account in the name “admin” and use the plugin to lock down your login screen – you can set it to ban an incoming IP address after 10 failed attempts to log in, for example.
- Don’t panic.
For anyone who isn’t having the same trouble, consider doing the security things anyway.
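The 10-failed-attempts rule above can also be checked against a web server access log to see which addresses would be banned. This Python script is an added example, not code from this post or from either plugin; it assumes Combined Log Format and that a failed login appears as a POST to wp-login.php answered with status 200 (a successful login answers 302), and its sample log lines are constructed.

```python
import re
from collections import Counter

# Combined Log Format: ip - user [time] "METHOD path proto" status size ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)

MAX_FAILED = 10  # threshold from the post: ban after 10 failed attempts


def failed_logins(lines):
    """Count failed WordPress logins per client IP.

    Assumption: a POST to wp-login.php answered with 200 is a failed login
    (the form is shown again); a successful login is answered with 302.
    """
    counts = Counter()
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines rather than crash
        path = m["path"].split("?", 1)[0]  # ignore any query string
        if (m["method"] == "POST" and path.endswith("/wp-login.php")
                and m["status"] == "200"):
            counts[m["ip"]] += 1
    return counts


def ips_to_ban(lines, threshold=MAX_FAILED):
    """Return the sorted IPs with at least `threshold` failed logins."""
    return sorted(ip for ip, n in failed_logins(lines).items() if n >= threshold)


def _line(ip, method, path, status):
    # Builds one constructed log line (documentation-range IPs, made-up time).
    return (f'{ip} - - [01/Jan/2000:10:00:00 +0000] '
            f'"{method} {path} HTTP/1.1" {status} 512 "-" "-"')


# Constructed sample log, not real traffic.
SAMPLE_LOG = (
    [_line("203.0.113.7", "POST", "/wp-login.php", 200)] * 12   # brute force
    + [_line("198.51.100.4", "POST", "/wp-login.php", 200)] * 2  # mistyped password
    + [_line("198.51.100.4", "POST", "/wp-login.php", 302)]      # then logged in
    + [_line("192.0.2.9", "GET", "/wp-login.php", 200)] * 30     # page views only
    + ["garbage line"]
)

if __name__ == "__main__":
    for ip in ips_to_ban(SAMPLE_LOG):
        print("ban", ip)
```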