Identity Theft, Cyber Crime And Your Site
Frank Abagnale, portrayed by Leonardo DiCaprio in Catch Me If You Can, speaks at Google about his life and cyber crime.
We’ve all seen the movie, or at least we all should have: the teen who runs away and becomes everything from an airline pilot to an ER doctor to an assistant district attorney, all before he turns 21. He’s a cyber crime expert these days, and his experience in forgery and documents is fascinating because it comes from the other side of most experts.
Cyber Crime And WordPress
Being the top CMS and powering such a vast number of sites, WordPress is a huge target for cyber crime and identity theft. While you may think that your site isn’t a target, it is. Thinking “I’m not important enough for anyone to hack” is the best way to get hacked.
This site isn’t worth hacking either, or at least so I thought. But as I’m typing this, 59 IP addresses are currently being monitored for malicious activity and 39 are locked out. Below is a log:
185.112.35.* – August 11, 2019, 12:32 pm Attempt to access: wp-login.php
185.86.164.* – August 11, 2019, 12:24 pm Attempt to access: wp-login.php
14.102.102.* – August 11, 2019, 12:19 pm Attempt to access: wp-login.php
168.232.152.* – August 11, 2019, 9:32 am Attempt to access: wp-login.php
180.250.143.* – August 11, 2019, 8:12 am Attempt to access: wp-login.php
167.99.125.* – August 11, 2019, 8:10 am Attempt to access: wp-login.php
195.154.61.* – August 11, 2019, 8:06 am Attempt to access: wp-login.php
192.169.197.* – August 11, 2019, 8:05 am Attempt to access: wp-login.php
192.186.134.* – August 11, 2019, 7:52 am Attempt to access: wp-login.php
178.156.202.* – August 11, 2019, 7:31 am Multiple suspicious activities were detected
185.85.238.* – August 11, 2019, 6:03 am Attempt to access: wp-login.php
46.229.168.* – August 11, 2019, 5:09 am Attempt to access: wp-login.php
199.249.230.* – August 11, 2019, 5:00 am Attempt to access: wp-login.php
79.106.165.* – August 11, 2019, 3:58 am Attempt to access: wp-login.php
203.189.143.* – August 11, 2019, 3:34 am Attempt to access: wp-login.php
185.119.81.* – August 11, 2019, 2:55 am Attempt to access: wp-login.php
Keep in mind that this site does not allow registrations from the public, so there shouldn’t be anyone logging in from any IP address but the ones whitelisted. In the last 24 hrs we see that’s not stopping some from trying to gain access.
Let’s consider the following questions.
- Why would someone hack my site?
They just want your site to be part of their network of zombie sites that can overrun a real target’s server with traffic. Or they want your site to help infect people’s computers.
- How common is this?
Very! Here are some live maps showing attacks.
A Hacker’s Game
Another popular reason to hack your site is that it’s a point in a game. Defacing your homepage and putting up an image tagging themselves earns them another site. Now to be clear, they aren’t really great at hacking, just at exploiting known vulnerabilities.
How To Make WordPress Safe From Hackers?
There are several methods, but these are the ones I like and use.
- If everyone likes to use Wordfence Security … don’t. Hackers would be well versed in that plugin and anticipating it. I always use a slightly lesser-known security plugin, WP-Cerber; it’s good and less expected.
- Cloudflare – I utilize Cloudflare to hide behind their network, helping to mitigate a DoS attack. They also protect the sites in other ways, and most sites get this protection for free.
- Move expected pages and sites.
  - wp-login.php on this site will get someone blocked and logged. It’s the default web address of the login page, but in plugins like WP-Cerber you can choose a slightly different address for your login.
  - wp-content is a folder in your WordPress installation that holds a lot of your customizations, and it’s often a target. I will declare a slightly different folder structure, making it harder to automate an attack. For instance, /private/wp-content/ used to be used on this site.
- Lock It Down – How many IP addresses have a legitimate reason to log in to wp-admin? You can lock down access to this area in multiple ways.
  - .htaccess: don’t allow traffic to certain folders from sites listed or not listed. You can also create zones on Cloudflare that block IPs from accessing certain pages such as wp-login.php.
  - Block countries via your security plugin. If you are a local florist, you likely don’t need to allow traffic from other countries into your site.
- Regularly scan your server for malware and watch out for the dates of files changing. If you didn’t do an update today, but wp-config.php shows it was last changed today, something may be up.
- Backup – To mitigate damage, keep regular backups. I use the plugin All In One Migration to back up my sites as well as cPanel’s backups.
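
The file-date check from the list above, as an added Python example (not code from this site or from any plugin mentioned here): it goes beyond dates by also comparing SHA-256 digests against a saved baseline, because a file's modification date can be set to any value while its content hash cannot. The function names and the sample tree are constructed for illustration.

```python
import hashlib
import os
import tempfile
import time

def snapshot(root):
    """Map each file path (relative to root) to (sha256 digest, mtime)."""
    state = {}
    for dirpath, _dirs, files in os.walk(root):
        for path in (os.path.join(dirpath, name) for name in files):
            with open(path, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            state[os.path.relpath(path, root)] = (digest, os.path.getmtime(path))
    return state

def compare(baseline, current, last_update):
    """Return sorted (path, reason) findings; last_update is epoch seconds."""
    findings = [(p, "file removed") for p in baseline if p not in current]
    for path, (digest, mtime) in current.items():
        if path not in baseline:
            findings.append((path, "new file"))
        elif digest != baseline[path][0]:
            # A date can be put back, so the hash decides, not the mtime.
            findings.append((path, "content changed"))
        elif mtime > last_update:
            findings.append((path, "date changed, content identical"))
    return sorted(findings)

def write(path, body, mtime=None):
    with open(path, "wb") as fh:
        fh.write(body)
    if mtime is not None:
        os.utime(path, (mtime, mtime))

def demo():
    """Constructed sample tree: one edited file with an old date, one new file."""
    old = time.time() - 30 * 86400
    with tempfile.TemporaryDirectory() as root:
        cfg = os.path.join(root, "wp-config.php")
        write(cfg, b"<?php // settings", old)
        write(os.path.join(root, "index.php"), b"<?php // front", old)
        baseline = snapshot(root)
        write(cfg, b"<?php // settings, edited", old)  # edited, date put back
        write(os.path.join(root, "extra.php"), b"<?php")  # new, dated now
        return compare(baseline, snapshot(root), time.time() - 86400)

if __name__ == "__main__":
    for path, reason in demo():
        print(f"{path}: {reason}")
```

In practice the baseline would be taken right after a known-good update and stored somewhere the web server cannot write to.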