Wordfence: Block Bad Logins

There are dozens of computers trying to login to this site over the course of a day. It’s not an important site, not a site that’s chock full of credit card information, and not a site that matters to anyone but me. (Yes, I put out my lower lip while typing that last one.) Nonetheless, the login attempts continue.

The attempts are coming from bots… computers that are infected with malware that puts them under the direction of various command and control servers. They scan, look for WordPress sites, and try to login. If they succeed, they let someone upstream know, and then push malware onto the system.

I have blogged about this before. I’m using WordFence as one of the defense layers for this system. It locks out anyone who tries to login with incorrect information. The login settings are:

 


c
lick to enlarge

Internet Neighborhood Watch

nghwatch-150x150As we all know, the Internet is a pretty wild place.  You have to keep your doors locked. The locks include firewalls, enforcement of strong password policies, attention to and fast application of software and system updates.  Another thing you can do is to keep an eye on activities and warn your neighbors.  Please be advised that this site is doing that.

We participate in the following projects:

  • Project Honeypot
    Project Honeypot adds a page to the site that would only be found by automated visitors. That page includes an obscured email address.  If Project Honeypot receives email at that address, it can trace it back to the IP address of the automated visitor that read it here and correlates its activities on other sites. When they have a good case that the IP address is being used by a spammer to harvest email addresses on the web, they take legal action against the spammer.
  • The 404 Project
    The 404 Project is a new security project from SANS that tracks the web pages commonly attacked by scanning tools. When scanners locate these pages on a site, they start a more targeted attack to gain access into the system.  This is similar to SAN’s DSHIELD project, which collects firewall logs from particpating sites.
  • Mollom
    Mollom is a project from Dries Buytaert, creator of Drupal. Mollom analyzes comments posted on Drupal and WordPress sites, blocking spam posts, and creating a database of spammy content and spammer IP addresses.

What do you do to protect your sites?  Do you feel that these systems unacceptably compromise your privacy? Do they make the Internet any safer?

Your comments are welcome!