
Wordpress Sucuri Wordpress Brute Force Attacks Report

Discussion in 'Blogs & CMS usage' started by eva2000, Sep 11, 2016.

  1. eva2000

    eva2000 Administrator Staff Member

    40,633
    9,019
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +13,886
    Local Time:
    1:16 PM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    Interesting info provided by WordPress Brute Force Attacks Report

    upload_2016-9-11_11-0-54.png

    Wow, a lot of these WordPress brute force attacks originate from Media Temple

     
  2. hendry

    hendry Member

    59
    13
    8
    Sep 19, 2016
    Ratings:
    +17
    Local Time:
    10:16 AM
    nginx/1.11.4
    MariaDB 10
    This Sucuri security plugin is very helpful for finding malware on my site. Before I used this plugin, I didn't know what I should do about malware or injected scripts on my site.

    Archived Performance.png
    The above picture is from GTmetrix, and I tried to find the redirect page for a week with zero results. After I used Sucuri, it detected a lot of malware in the theme I used. Because I didn't want to waste my time removing all the malware, I decided to delete the theme and replace it with another theme (the easiest way, and it saves my time) :LOL:. Now all the redirects are gone. Thanks to Sucuri. :love:

    Malware Scan.png
    Now I have installed Sucuri on my site. Based on the picture above, they recommend using those security settings. Unfortunately, their tutorial is for Apache and uses .htaccess. Since I now use Centminmod, how can I implement those security settings on nginx?
     
  3. eva2000

    Those 3 headers are auto-embedded into each generated nginx vhost domain.com.conf and domain.com.ssl.conf and the staticfiles.conf include files, but commented out by default, so just uncomment them and restart nginx.
     
  4. hendry

    Did you mean uncomment this?

    #include /usr/local/nginx/conf/block.conf;
     
  5. eva2000

    No, these:
    Code (Text):
      #add_header X-Frame-Options SAMEORIGIN;
      #add_header X-Xss-Protection "1; mode=block" always;
      #add_header X-Content-Type-Options "nosniff" always;
    
     
  6. hendry

    wew.. why don't I have it in mydomain.com.conf?

    here is my conf:

    Code:
    # Centmin Mod Getting Started Guide
    # must read http://centminmod.com/getstarted.html
    
    # redirect from non-www to www
    # uncomment, save file and restart Nginx to enable
    # if unsure use return 302 before using return 301
    #server {
    #            listen   80;
    #            server_name mydomain.com;
    #            return 301 $scheme://www.mydomain.com$request_uri;
    #       }
    
    server {
      server_name mydomain.com www.mydomain.com;
    
    # ngx_pagespeed & ngx_pagespeed handler
    #include /usr/local/nginx/conf/pagespeed.conf;
    #include /usr/local/nginx/conf/pagespeedhandler.conf;
    #include /usr/local/nginx/conf/pagespeedstatslog.conf;
    
      # limit_conn limit_per_ip 16;
      # ssi  on;
    
      access_log /home/nginx/domains/mydomain.com/log/access.log combined buffer=256k flush=60m;
      error_log /home/nginx/domains/mydomain.com/log/error.log;
    
      root /home/nginx/domains/mydomain.com/public;
    
      location / {
    
    # block common exploits, sql injections etc
    #include /usr/local/nginx/conf/block.conf;
    
      # Enables directory listings when index file not found
      #autoindex  on;
    
      # Shows file listing times as local time
      #autoindex_localtime on;
    
      # Enable for vBulletin usage WITHOUT vbSEO installed
      # More example Nginx vhost configurations at
      # http://centminmod.com/nginx_configure.html
      try_files    $uri $uri/ /index.php?q=$request_uri;
    
      }
    
      include /usr/local/nginx/conf/staticfiles.conf;
      include /usr/local/nginx/conf/php.conf;
      include /usr/local/nginx/conf/drop.conf;
      #include /usr/local/nginx/conf/errorpage.conf;
      include /usr/local/nginx/conf/vts_server.conf;
    }
    
    
     
  7. eva2000

    Only Centmin Mod 123.09beta01 has it, not 123.08stable. You can just manually add those 3 headers within your server{} context and in the location match for .html extensions in the staticfiles.conf include file.
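
Added example, not part of the original thread or of Centmin Mod: nginx applies `add_header` directives from an outer level only when the current level defines none of its own, which is why the headers have to appear both in the server{} context and in the static-file location. This Python sketch audits config text for that gap; the sample vhost and its `.html` location are constructed for illustration, and `include` files are assumed to be inlined already.

```python
import re

REQUIRED = {"x-frame-options", "x-xss-protection", "x-content-type-options"}
# Constructed sample: the three headers at server level only, plus a
# hypothetical static-file location that sets a header of its own.
SAMPLE = r'''
server {
  server_name mydomain.com www.mydomain.com;
  add_header X-Frame-Options SAMEORIGIN;
  add_header X-Xss-Protection "1; mode=block" always;
  add_header X-Content-Type-Options "nosniff" always;
  location / {
    try_files $uri $uri/ /index.php?q=$request_uri;
  }
  location ~* \.(html|htm|txt)$ {
    add_header Cache-Control "public, must-revalidate";
  }
}
'''
# Tokens: comment, quoted string, structural character, or bare word.
TOKEN = re.compile(r'''#[^\n]*|"[^"]*"|'[^']*'|[{};]|[^\s{};#"']+''')

def audit(conf):
    """Map each block name to the required headers it will not send."""
    blocks, stack, words = [], [], []
    for tok in TOKEN.findall(conf):
        if tok.startswith("#"):
            continue                      # commented-out directives do nothing
        if tok == "{":
            blocks.append({"name": " ".join(words), "own": set(),
                           "parent": stack[-1] if stack else None})
            stack.append(len(blocks) - 1)
            words = []
        elif tok == "}":
            if stack:
                stack.pop()
            words = []
        elif tok == ";":
            if stack and len(words) > 1 and words[0] == "add_header":
                blocks[stack[-1]]["own"].add(words[1].strip("\"'").lower())
            words = []
        else:
            words.append(tok)
    report = {}
    for b in blocks:
        eff = b                           # nearest level with any add_header
        while not eff["own"] and eff["parent"] is not None:
            eff = blocks[eff["parent"]]
        report[b["name"]] = sorted(REQUIRED - eff["own"])
    return report
```

On the sample, `audit(SAMPLE)` reports nothing missing for `server` and `location /`, and all three headers missing for the `.html` location because its own `Cache-Control` header cancels the inherited ones.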
     
  8. eva2000

  9. hendry

    I used Centmin Mod 123.09beta01, but I think this is because I never use ./centmin mod option 2 to build a vhost; I always use the mass vhost builder :). OK, @eva2000, I will add it manually.

    Anyway, I now know why my site has so many redirects. It's all because of histats, so be careful, guys, because this can make all your visitors leave. :mad:
     
  10. eva2000

    centmin.sh menu option 2 should also add those 3 headers in 123.09beta01, as well as the /usr/bin/nv command.
     