Those of you responsible running commercial websites

Visitors can check out the Forum FAQ by clicking this link. You have to register before you can post: click the REGISTER link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. View our Forum Privacy Policy.
Want to receive the latest contracting news and advice straight to your inbox? Sign up to the ContractorUK newsletter here. Every sign up will also be entered into a draw to WIN £100 Amazon vouchers!

You are not logged in or you do not have permission to access this page. This could be due to one of several reasons:

You are not logged in. If you are already registered, fill in the form below to log in, or follow the "Sign Up" link to register a new account.
You may not have sufficient privileges to access this page. Are you trying to edit someone else's post, access administrative features or some other privileged system?
If you are trying to post, the administrator may have disabled your account, or it may be awaiting activation.

silverlight1 replied

2 October 2015, 08:30
If you are running a Wordpress site always make sure you have the Sucuri plugin and iThemes Security (formerly Better WP Security) plugins

This allows you to block most automated bots from trying to hack sites
Leave a comment:
stek replied

2 October 2015, 07:10
Originally posted by Contreras View Post

Which is why I run sshd on a non-standard port, as well as use group permissions to restrict logins. It still gets attacked, but then fail2ban adds their IP to the firewall.

Me too...
Leave a comment:
Contreras replied

2 October 2015, 00:02
Originally posted by stek View Post

Check your server authlog and be amazed at the number of bots on Chinese IP's trying to guess the root password......

Which is why I run sshd on a non-standard port, as well as use group permissions to restrict logins. It still gets attacked, but then fail2ban adds their IP to the firewall.
Leave a comment:
zazou replied

1 October 2015, 18:31
Thanks chaps.

The system runs on Azure Web Sites (PaaS) so less worries about ports, security updates etc.
Leave a comment:
stek replied

1 October 2015, 17:49
Originally posted by meridian View Post

I have no idea what you just wrote.

ntp = Network Time Protocol

aLom = Advanced Lights Out Management (i.e. remote access/power card running Linux Busybox)

Colo = Colocation - my box, their DC.

Simples!
Leave a comment:
stek replied

1 October 2015, 17:47
Originally posted by diseasex View Post

I think if they target you , there's nothing you can do . If they see they can milk you , or you upset them enough (visa, Sony etc)
Hasn't happened to me though

Just a port scanner found an unpatched hole - and Ddos'd from it, fixed a sec as soon as they told me.
Leave a comment:
diseasex replied

1 October 2015, 17:42
Originally posted by stek View Post

Somebody exploited an ntp hole on the aLom on my colo'd box, turned out I was the relay of a fair amount of havoc!

I think if they target you , there's nothing you can do . If they see they can milk you , or you upset them enough (visa, Sony etc)
Hasn't happened to me though
Leave a comment:
meridian replied

1 October 2015, 17:12
Originally posted by stek View Post

Somebody exploited an ntp hole on the aLom on my colo'd box, turned out I was the relay of a fair amount of havoc!

I have no idea what you just wrote.
Leave a comment:
stek replied

1 October 2015, 16:25
Originally posted by diseasex View Post

I have emails spamming me once every few weeks , saying something like yours, or trying to sell me seo or other bulltulip. even logging on website to use support to try to sell me something via internal mailing system. I have never replied to them , and nobody ever hacked my website either (or at least i dont know)

Somebody exploited an ntp hole on the aLom on my colo'd box, turned out I was the relay of a fair amount of havoc!
Leave a comment:
diseasex replied

1 October 2015, 16:10
Originally posted by zazou View Post

I've just been forwarded this email.

Is this common chancer tactics?

I have emails spamming me once every few weeks , saying something like yours, or trying to sell me seo or other bulltulip. even logging on website to use support to try to sell me something via internal mailing system. I have never replied to them , and nobody ever hacked my website either (or at least i dont know)
Leave a comment:
meridian replied

1 October 2015, 15:04
I've had a simple Wordpress site live for two months or so, Jetpack reports that it's stopped over 2500 auth attempts already.
Leave a comment:
stek replied

1 October 2015, 14:16
Check your server authlog and be amazed at the number of bots on Chinese IP's trying to guess the root password......
Leave a comment:
unixman replied

1 October 2015, 13:33
Report it as a phishing attempt and then ignore. Don't reply as it only confirms to the sender the validity of your email address.
Leave a comment:
Snarf replied

1 October 2015, 13:24
Originally posted by zazou View Post

I've just been forwarded this email.

Is this common chancer tactics?

Ignore it.
unless you have asked for someone to check your site its spam.
Leave a comment:
BlasterBates replied

1 October 2015, 12:08
The fact that you have a commercial website is a "fortunate" coincidence.
Leave a comment: