NEWS FLASH A Day in the Life of Nerd Vittles

[wardmundy]

Just thought I'd post a day's worth of info from Wordfence showing what it takes to keep a blog up and running these days. Some of the Bad Guys' List may surprise you...

 

[tycho]

Piffle. Not really different from the intrusion map I see on any run-of-the mill cloud server that I ever install. What's the surprise? That the US is so well-represented? FWIW I don't see that as surprising I guess.

(I've been using UFW rather than IPTables on some non-PBX, throw-away servers lately. It (1) is super easy, (2) works quite well, and (2) is hammered several times a second literally from the time it goes active. )

 

[krzykat]

US IP's don't mean the people are in the US. Anyone can buy a $5 US IP and do nasty stuff.

 

[wardmundy]

US IP's don't mean the people are in the US. Anyone can buy a $5 US IP and do nasty stuff.

Or even take over grandma's Windows 95 recipe machine.

 

[tycho]

... or Grandma's new IOT-connected InstaPot that her kids bought for her. A Swedish Meatball BotNet!!

 

[wardmundy]

Gotta love these creeps...

The Wordfence Web Application Firewall has blocked 122 attacks over the last 10 minutes. Below is a sample of these recent attacks:

March 2, 2018 7:19pm  5.77.39.68 (United Kingdom)     Blocked for SQL Injection in query string: page_id=24540%' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- lVmc
March 2, 2018 7:19pm  5.77.39.68 (United Kingdom)     Blocked for SQL Injection in query string: page_id=24540%' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- dZGC
March 2, 2018 7:19pm  5.77.39.68 (United Kingdom)     Blocked for SQL Injection in query string: page_id=24540%' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- gBjN
March 2, 2018 7:19pm  5.77.39.68 (United Kingdom)     Blocked for SQL Injection in query string: page_id=24540%' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL-- nKnn
March 2, 2018 7:19pm  5.77.39.68 (United Kingdom)     Blocked for SQL Injection in query string: page_id=24540%' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL-- LEEJ
March 2, 2018 7:19pm  5.77.39.68 (United Kingdom)     Blocked for SQL Injection in query string: page_id=24540%' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL-- Cpwz
March 2, 2018 7:19pm  5.77.39.68 (United Kingdom)     Blocked for SQL Injection in query string: page_id=24540%' UNION ALL SELECT NULL,NULL,NULL,NULL-- MetD
March 2, 2018 7:19pm  5.77.39.68 (United Kingdom)     Blocked for SQL Injection in query string: page_id=24540%' UNION ALL SELECT NULL,NULL,NULL-- WGWo
March 2, 2018 7:19pm  5.77.39.68 (United Kingdom)     Blocked for SQL Injection in query string: page_id=24540%' UNION ALL SELECT NULL,NULL-- FVqD
March 2, 2018 7:19pm  5.77.39.68 (United Kingdom)     Blocked for SQL Injection in query string: page_id=24540%' UNION ALL SELECT NULL-- NgiD

 

[hawk#1]

I took my sites down a few years back because I lost interest in spending all my free time trying to stay one step ahead. I also found it rather difficult to control my temper and call them little creeps instead of what I really think of them. I appreciate everyone that shares and helps others learn. You run the site to help others and the expense comes out of your pocket. I can't understand the logic behind crashing sites that are online to help others.

 

[AndyInNYC]

Ward,

Your selected list of attempts uses the same IP address. Doesn't your system give them a lifetime ban at some point and just ignore the attacking IP?

Andrew

 

[pbxinaflash]

@AndyInNYC

WordPress plugins cannot (by default at least) ban IPs at protocol level. Requests are just being blocked, which means an attacker will still be able to send requests but they won't get any response back other than they have been blocked. This is a good out of the box mitigation for common attacks such as SQL Injection.

One could easily however make an integration with fail2ban to block ips in iptables.