Get the most out of your Centmin Mod LEMP stack
Become a Member

Wordpress Sucuri Wordpress Brute Fore Attacks Report

Discussion in 'Blogs & CMS usage' started by eva2000, Sep 11, 2016.

  1. eva2000

    eva2000 Administrator Staff Member

    30,162
    6,785
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,136
    Local Time:
    4:46 PM
    Nginx 1.13.x
    MariaDB 5.5
    Interesting info provided by WordPress Brute Fore Attacks Report You are being redirected...

    upload_2016-9-11_11-0-54.png

    Wow alot of these Wordpress brute force attacks originate from Media Temple
    Code (Text):
    64.13.192.0/18  Media Temple
    64.207.128.0/19 Media Temple
    64.207.144.0/20 Media Temple
    64.207.160.0/21 Media Temple
    64.207.168.0/21 Media Temple
    64.207.176.0/20 Media Temple
    70.32.64.0/22 Media Temple
    70.32.68.0/22 Media Temple
    70.32.72.0/21 Media Temple
    70.32.80.0/20 Media Temple
    70.32.96.0/21 Media Temple
    70.32.104.0/21  Media Temple
    70.32.112.0/20  Media Temple
    72.10.32.0/21 Media Temple
    72.10.40.0/21 Media Temple
    72.10.48.0/21 Media Temple
    72.10.56.0/21 Media Temple
    72.47.192.0/18  Media Temple
    205.186.128.0/19  Media Temple
    205.186.160.0/21  Media Temple
    205.186.168.0/21  Media Temple
    205.186.168.0/23  Media Temple
    205.186.176.0/20  Media Temple
    216.70.64.0/21  Media Temple
    216.70.72.0/21  Media Temple
    216.70.80.0/20  Media Temple
    216.70.80.0/21  Media Temple
    216.70.96.0/20  Media Temple
    216.70.112.0/21 Media Temple
    216.70.120.0/21 Media Temple
     
  2. hendry

    hendry Member

    59
    13
    8
    Sep 19, 2016
    Ratings:
    +17
    Local Time:
    1:46 PM
    nginx/1.11.4
    MariaDB 10
    This Sucuri security plugin is very helpful to find malware on my site. Before I use this plugin I don't know what I must to do with malware or injected script on my site.

    Archived Performance.png
    Above picture is based from GTmetric and I try to find the redirect page for a week with zero result. After I use sucuri they detect a lot of malware in theme I used. Because I don't want wasting my time to remove all malware so I decide to delete the theme and change it with another theme (The easiest way and save my time) :LOL:, now all redirect is gone. Thanks to Sucuri. :love:

    Malware Scan.png
    Now I have install sucuri on my site. Based on picture above they recommended to use that security. Unfortunately their tutorial is for apache and use it on htaccess. Because now I use Centminmod, how I can implement those security on nginx?
     
  3. eva2000

    eva2000 Administrator Staff Member

    30,162
    6,785
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,136
    Local Time:
    4:46 PM
    Nginx 1.13.x
    MariaDB 5.5
    those 3 headers are auto embedded into each generated nginx vhost domain.com.conf and domain.com.ssl.conf and staticfiles.conf include files but commented out by default so just uncomment them and restart nginx
     
  4. hendry

    hendry Member

    59
    13
    8
    Sep 19, 2016
    Ratings:
    +17
    Local Time:
    1:46 PM
    nginx/1.11.4
    MariaDB 10
    did you mean uncoment this?

    #include /usr/local/nginx/conf/block.conf;
     
  5. eva2000

    eva2000 Administrator Staff Member

    30,162
    6,785
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,136
    Local Time:
    4:46 PM
    Nginx 1.13.x
    MariaDB 5.5
    no these
    Code (Text):
      #add_header X-Frame-Options SAMEORIGIN;
      #add_header X-Xss-Protection "1; mode=block" always;
      #add_header X-Content-Type-Options "nosniff" always;
    
     
  6. hendry

    hendry Member

    59
    13
    8
    Sep 19, 2016
    Ratings:
    +17
    Local Time:
    1:46 PM
    nginx/1.11.4
    MariaDB 10
    wew.. why I don't have it on mydomain.com.conf?

    here is my conf:

    Code:
    # Centmin Mod Getting Started Guide
    # must read http://centminmod.com/getstarted.html
    
    # redirect from non-www to www
    # uncomment, save file and restart Nginx to enable
    # if unsure use return 302 before using return 301
    #server {
    #            listen   80;
    #            server_name mydomain.com;
    #            return 301 $scheme://www.mydomain.com$request_uri;
    #       }
    
    server {
      server_name mydomain.com www.mydomain.com;
    
    # ngx_pagespeed & ngx_pagespeed handler
    #include /usr/local/nginx/conf/pagespeed.conf;
    #include /usr/local/nginx/conf/pagespeedhandler.conf;
    #include /usr/local/nginx/conf/pagespeedstatslog.conf;
    
      # limit_conn limit_per_ip 16;
      # ssi  on;
    
      access_log /home/nginx/domains/mydomain.com/log/access.log combined buffer=256k flush=60m;
      error_log /home/nginx/domains/mydomain.com/log/error.log;
    
      root /home/nginx/domains/mydomain.com/public;
    
      location / {
    
    # block common exploits, sql injections etc
    #include /usr/local/nginx/conf/block.conf;
    
      # Enables directory listings when index file not found
      #autoindex  on;
    
      # Shows file listing times as local time
      #autoindex_localtime on;
    
      # Enable for vBulletin usage WITHOUT vbSEO installed
      # More example Nginx vhost configurations at
      # http://centminmod.com/nginx_configure.html
      try_files    $uri $uri/ /index.php?q=$request_uri;
    
      }
    
      include /usr/local/nginx/conf/staticfiles.conf;
      include /usr/local/nginx/conf/php.conf;
      include /usr/local/nginx/conf/drop.conf;
      #include /usr/local/nginx/conf/errorpage.conf;
      include /usr/local/nginx/conf/vts_server.conf;
    }
    
    
     
  7. eva2000

    eva2000 Administrator Staff Member

    30,162
    6,785
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,136
    Local Time:
    4:46 PM
    Nginx 1.13.x
    MariaDB 5.5
    only centmin mod 123.09beta01 has it not 123.08stable. You can manually just add those 3 headers within your server{} context and in the location match for .html extensions in staticfiles.conf include file
     
  8. eva2000

    eva2000 Administrator Staff Member

    30,162
    6,785
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,136
    Local Time:
    4:46 PM
    Nginx 1.13.x
    MariaDB 5.5
  9. hendry

    hendry Member

    59
    13
    8
    Sep 19, 2016
    Ratings:
    +17
    Local Time:
    1:46 PM
    nginx/1.11.4
    MariaDB 10
    I used centmin mod 123.09beta01 but I think this is because I never use ./centmin mod option 2 to build vhost, I always use mass vhost builder:). Ok, @eva2000 I will adding it manually.

    Anyway, I just know why my site has so many redirects. It's all because of histats, so be careful guys because this can make all your visitors gone. :mad:
     
    • Informative Informative x 1
  10. eva2000

    eva2000 Administrator Staff Member

    30,162
    6,785
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,136
    Local Time:
    4:46 PM
    Nginx 1.13.x
    MariaDB 5.5
    centmin.sh menu option 2 should also add those 3 headers in 123.09beta01 as well as /usr/bin/nv command
     
    • Like Like x 1