Websites In The Firing Line01 Jun 2020
Attacks on websites have suddenly increased. Alerts like the following started arriving in my inbox about 2 days ago for many of the WordPress sites I manage:
These are "hacktivists" looking for vulnerable websites to upload political front pages to. This is a common occurrence when big events happen, as in the US right now. Major events in the middle-east or places like Hong Kong also trigger a spike in attacks but this one is the largest increase I have seen. The usual aim of hacktivists is to deface as many websites as possible with messages of support for one side or other in a conflict. This is what I believe we are seeing now. Of course, you have no control over what some unknown person on the internet wants to use your brand to say, and some hackers will not stop at that, so you should protect your website.
If you have a WordPress website then I recommend you do the following things asap:
- Lock your site down and get some monitoring software onto it. WordFence is pretty good because it compares WP core, theme and plugin files to their reference versions and lets you know if anything has been added or changed by a hacker.
- Get your DNS on Cloudflare so you can cache burst traffic and protect from a DDoS attack.
- Add a rule to your Cloudflare Web Application Firewall to capcha the login page of your site.
- You should also look into external monitoring services to alert you when your website is down, appears on any blacklists, and to do a nightly security check.
I am also receiving virtually non-stop attempted login alerts like these:
Hacktivists are trying to get in to any accounts they can by trying to guess passwords. An email like above is triggered by 20 incorrect logins in a row. The pattern I see is 20 logins attempted, wait 4 hours, then try another 20, repeat. To protect yourself from these attacks I recommend:
- Change your admin passwords asap.
- Check all your passwords using https://haveibeenpwned.com/Passwords to see if hackers and have them in their databases. Those databases of known passwords are used in automated scripts for brute-force login attacks. An attacker loads a database of likely login names and a list of known passwords and leaves the script to run until one works.
- Enable two-factor authentication on every account where it is available so that even if a hacker has your password they will need a second code provided by your mobile phone to log in as you. Twitter, Facebook, LinkedIn, Google and almost every other major tech platform has 2FA now so do it.
You might ask "Why would my website, email, hosting provider or domain be targeted?" There is usually no reason. If your site is on Google then it is in a database of sites. Hacktivists usually have some targets that they feel are related to an issue and they put in extra work to get into them. Everybody else is just caught up because they exist. Most attacks on websites or user accounts are scripts running on botnets that run automatically with no user intervention until an exploit is found. It is rarely personal.
If you have any questions about the above then contact me. I am always here to help you.
GMAC Internet Solutions
Gerard completed an Honours Year on top of his Bachelor of Science degree at Deakin University studying Distributed Operating System Security.