Hack attempts drive me nuts…

evil hackers - and your website

People see a website…

I don’t know what the general population thinks about webmasters, hosting companies and all the affiliated services that go along with creating and maintaining a website.  I am going to guess that a lot of people really DON’T think about it and just expect when they slap their website out on GoDaddy or 1and1 that it will just run forever.  Well, folks, I’ve got news for you – it likely won’t.  And it likely won’t run for more than a few reasons.

Retool Your Website – NOW.

The biggest reason is that browsers change and software updates.  Your all-tweaked out down to the pixel web design works beautiful on the current version of (pick a browser) but almost assuredly, it’s going to go south on you at the next browser update – or one of them at least.

If you use something like WordPress, many times these themes ARE well-written and highly tested.  Well, the PAID themes are usually well-written and highly tested.  Free ones can be a little lacking.  If you have one of these paid themes, many times the designer will go back and update as needed to cover changes, add features and all that.

Hackers and HackBots

The NEXT biggest reason across the board (and perhaps even a bigger reason for certain types of websites) – hackers, hackbots, script kiddies, and viruses.  When your site is hosted on someplace like GoDaddy (we know because we have accounts there too) or 1and1 – they normally hide the ugliness from you.  Not sure exactly what they do to protect the sites that we don’t see, but I’ve never had one drop or get beat to death over there.  It may be that they throw more horsepower at their sites than some of the other hosting companies.  I know ixWebhosting is pretty quick to kill off my sites if they start getting blasted by  bots and running up the CPU usage.  It does NOT make me happy, but I like them a lot in the big scheme of things.  I almost always get to talk to a human when who actually answers the call and all that, but… I digress.

So when I’m running my own server, then I have to worry about all that stuff. Do I have the spare horsepower to serve a 10 hits per second bot onslaught? Or more? Truthfully, I shouldn’t need to – there’s no reason for 90% of the visits to my sites. Useless bot traffic looking for a site dumb enough to be using “admin” as the username and a dictionary password that it can hack. IF that’s you, change your username. Now.

Protect Your Hosting

And it’s not always the easiest thing to do – protect your hosting.  We use a few different plugins to protect our WordPress installations. WordFence is a favorite and seems to have some great features and options.  There’s another one that we use, Bulletproof, that is a lot more intrusive and quirky to setup, but does do good stuff.

But what can you do to NOT waste a lot of horsepower right off the bat loading up the WP stuff only to deny when the bot/hacker starts guessing passwords?  You COULD actually start putting hefty htaccess files in place on every site. On the down side, when you have oh 50-250 sites running, that gets pretty time intensive fast and very painful to have to update.

While we run – gads… sites on about 10 different servers, plus a slew of others for customers, we like the server level blacklist features when we have them.  That protects all sites on that particular server. Not all servers have this.  In some cases you may be able to install it as a feature, but if you can, I suggest you do it.  My favorite server tool is cpHulk.

Server Level Bot/Hack Protection

I was watching bogus access requests come in all day long yesterday.  Most were caught by cpHulk and I saw emails coming in from those brute force attacks ALL day long.  cpHulk offers the ability right in the email to blacklist the offending IPs in a few different blanket approaches – the single IP, the /24 range and the /16 range.  So I spent some time doing that yesterday.  But you know what?  The crap just kept on coming.  From outside of those IPs that I had blacklisted yes, but nonethess it was enough to cotinue to annoy me.  I hopped in this am and what do I find?  CPU usage up due to servicing bogus wp-login requests (bot most likely) on a few different sites.  D*MN it.

Okay, I had done this before, but discovered, after I did it, that one of my customers actually needed to have international traffic.  She’s on another server though, so this time I was free to get REAL ugly.  So, cpHulk blacklist to the task.

The place that I’ve used in the past and today again, WizCrafts.net. This guy keeps very up to date IPs available for firewall blocking uses. As much as I would like to let everyone read all of my kick-ass content, I really hate the amount of hack attempts. I realize that a lot of them are bots, but every once in a while, I see the ones that are not bots. Normally I suspect that server should be well protected via the automatic cpHulk and WordFence or bulletproof security plugins, there’s no need for someone from Korea to be hitting a majority of my sites. Different language right off the bat – and besides a LOT of them are actually local services sites. So how often do you suspect someone from China is going to call for water damage repair in Raleigh NC? Probably not too often.

False Sense of Security

Do NOT kid yourself into believing that ALL hack attempts come from China or somewhere besides the US.  We still see a number of attempts caught right here from good old US servers and Canadian IPs. You’ll really take down your odds of general attack though just by blocking out anything not in your actual area.

Leave a Reply

Your email address will not be published. Required fields are marked *