2 Hours.

That’s all it took before the attacks started.

Last week I was on a training course. I was learning about the command line and Linux.

One of the tutors was from a cyber security company called Secarma, who, amongst other things, do penetration testing and “red teaming” for companies who care about having secure systems.

Just after lunch was when this bloke, Paul, took over the teaching, and did a section on cyber security.

At 9:00 that day, the virtual server that we were working on was created, using a completely new IP address.

By 11:00, the first attack came.

It originated in China, which is a hotspot for this sort of thing.

The attackers simply try to gain access to a server so they can quietly add some code to use at a later date. This can be used for a number of reasons, normally to create a botnet, which basically gives attackers more computing power to carry out denial-of-service attacks and such.

The other reason they try to get access is for spam. Good old-fashioned spam. If they can access a server and install a simple PHP script, they have a nice new IP address they can send unsolicited mail from. Usually to sell Viagra or weight-loss pills etc.

They might get a few million emails out of the door before the ISPs blacklist the IP. Then they move on to the next one, leaving you with a dud IP address.


What about cyber security at your company?

If you or your company have a WordPress website, you will likely be getting attacked several times a day. We host a bunch of sites and any one of them can have 20 – 200 attempted attacks in a given day. According to Wordfence, the developers behind the most widely used WordPress security plugin, there are 15000 attacks PER MINUTE on the WordPress sites that they protect. The true number globally will be much higher.

You might be thinking: how are so many attacks happening at once?

The attacks are not done by humans. They are automated by software designed to scan WordPress sites for known vulnerabilities. For example, an outdated WP, theme or plugin version, or an unpatched bug in a plugin that isn’t maintained anymore. Once the software finds one, it notifies whoever is running it, so that they can then either use other software to exploit it, or do it themselves.

Once they’re in. You’re fucked.

They will initially install a small piece of code, and give it a name that isn’t suspicious, like “updater.php”. Then, when they want to, they will use it to send out spam email. They will use it pretty quickly, just in case you run a scan and find the intruder. Once they’ve used it, you’ll need a new IP address, as yours will be blacklisted, meaning any legit mail you send from your server will be blocked by ISPs.
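A scan for that kind of dropped file can start with where PHP should not be. The sketch below is an added example, not code from the original post or from Wordfence: it flags PHP files in the web root that a stock install doesn’t ship, any PHP under wp-content/uploads, and PHP modified in the last week. The function names, the sample tree and the core-file list are assumptions for illustration.

```python
import os
import tempfile
import time

# Root-level PHP files shipped by a stock WordPress install (adjust for your version).
CORE_ROOT_PHP = {
    "index.php", "wp-activate.php", "wp-blog-header.php", "wp-comments-post.php",
    "wp-config.php", "wp-config-sample.php", "wp-cron.php", "wp-links-opml.php",
    "wp-load.php", "wp-login.php", "wp-mail.php", "wp-settings.php",
    "wp-signup.php", "wp-trackback.php", "xmlrpc.php",
}
PHP_EXTS = (".php", ".phtml", ".phar")

def scan(wp_root, recent_days=7, now=None):
    """Return sorted (reason, relative_path) leads; mtime can be backdated, so triage only."""
    now = time.time() if now is None else now
    findings = set()
    for dirpath, _dirs, files in os.walk(wp_root):
        rel_dir = os.path.relpath(dirpath, wp_root).replace(os.sep, "/")
        for name in files:
            if not name.lower().endswith(PHP_EXTS):
                continue
            rel = name if rel_dir == "." else f"{rel_dir}/{name}"
            if rel_dir == "." and name not in CORE_ROOT_PHP:
                findings.add(("non-core file in web root", rel))
            if (rel_dir + "/").startswith("wp-content/uploads/"):
                findings.add(("PHP in uploads", rel))
            if now - os.path.getmtime(os.path.join(dirpath, name)) < recent_days * 86400:
                findings.add(("recently modified", rel))
    return sorted(findings)

def build_sample_tree(root, now):
    """Constructed sample site: legitimate files plus two planted droppers."""
    old, new = now - 90 * 86400, now - 3600
    layout = {
        "index.php": old, "wp-login.php": old, "wp-content/plugins/hello.php": old,
        "wp-content/uploads/2024/01/photo.jpg": old,
        "updater.php": new,  # the innocuous name used in the post
        "wp-content/uploads/2024/01/cache.php": old,  # backdated dropper
    }
    for rel, mtime in layout.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "w").close()  # empty placeholder file
        os.utime(path, (mtime, mtime))

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        build_sample_tree(d, time.time())
        print(*scan(d), sep="\n")
```

Expect the recent-modification check to light up across the whole tree right after a legitimate update, so it is most useful run on a schedule and compared against the previous run.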

How to protect your WordPress Website

To protect yourself, you will probably want to, as a minimum:

  • Keep your WordPress version, themes and plugins updated to the most recent version. – This is fucking critical.
  • Use Wordfence.
  • Delete any unused plugins and themes.
  • Keep regular backups and store for at least 30 days.
  • Replace unmaintained plugins and themes with alternatives.
  • Keep admin accounts to an absolute minimum. If your developer needs one, just make him a subscriber account and promote it to admin for the time he needs access.
  • Use long, complicated passwords (like 16 characters long), e.g. 78hb*J$bTJN2NGp7. This is a great password.

If you want to go a step further, then you can also use:

  • 2-step authentication, and
  • a Captcha on the login screen.


These are the basics, but they will get you going. If you want to read about personal online safety, read this article too.


Photo by Samuel Zeller and rawpixel.com