It’s been almost 2 years since I decided to throw away WestHost services. I cannot even count the number of incidents I had with them, varying from simple “No service” cases to “We have had blocked your (home) IP, because you have entered your password wrong three times”. Idiotic rules, threatening e-mails (you’re using way too much processor), etc.

Since doncho.net has a lot of content, I was really afraid from the migration plan. But after migrating my main blog to Superhosting took like 30 min (the download took hours!), my hopes went high. And indeed, for less than 4 hours total (spread in 3 days), I was finally ready to flip the nameservers trigger. And I also had (back ) all the passwords’ lists for MySQL databases, etc.

Now all should be already in place. My permalinks (finally!) work. And my blog is (finally!) loading fast.

Last but not least, I need to mention the great Superhosting support line. They were excellent. They even offered me them to do the migration, but I wanted to do it myself, for various reasons.

Let’s see now!

I decided to quickly check what’s the actual attack activity and I installed the Limit Login Attempts WordPress plugin. What this plugin does is it logs all incorrect login attempts, and if they go above given treshold, it blocks the IP for a while and logs the blocking. After few blockings, it blocks the IP for a day or so.

This functionality, of course, immediately blocks any bruteforce attempts. What’s more interesting here though is the fact that it logs the attempts. That was more interesting for me, because it gave me a chance to evaluate the attack size. And here’s what I’ve got, just for 2 days:

Obviously, there was some “unhealthy” interest. But I never expected that the scale would be that big. And they were all shooting for “the big fella”, the “admin” account.

So it was time to change the admin username. Obviously, the success factor of the attack is based on the fact that WordPress comes with default “admin” username. If I change the username to something else, the attack would never succeed, even if it by some crazy stupid chance succeeds to get my password right (12+ symbols password). It was pretty quick change, although I had to play with the database directly (I’m almost sure there’s a plugin to do the job as well).

Now all seems safe. My wordpress applications locked my account twice, until I realized that I have to change the username there too, but that was the only harm so far.

So, if you’re managing WordPress blog, I urgently advise you to install Limit Login Attempts and change your admin user password (if you have only one admin user, if you have many, you have to live with the plugin only). Otherwise, you’re pretty much exposed to (some) risk, especially if you have easily guessable WordPress admin password.

Good luck!

На мен лично много ми се искаше да присъствам. Бях си го обещал миналата година, когато пак пропуснах. Още повече, че тази година и Мат щеше да е там, а срещата с емблематични хора винаги действа вдъхновяващо.

Но… пропуснах. Основната причина за това е, че събитието е определено да се случи през “дълъг уикенд”. Сигурен съм, че много други хора ще пропуснат поради същата причина, т.е. ако срещата беше в някой от “стандартните” уикенди, много повече хора щяха да присъстват. Организаторите може би си струва да помислият за това догодина…

Проблемът с дългите уикенди (този е четири дни) е, че в много случаи хората планират неща, които вършат вън от София. Знаете за какво става въпрос, най-вече го знаете от задръстванията на изходите на града.

И аз така, този дълъг уикенд няма да бъда в София. Лични причини, какво да правиш, но провалят иначе шанс за среща с уникален човек. И за слушане на интересни лекции от други интересни хора.

Ако вие можете обаче, ако сте блогър или просто имате интерес към платформата WordPress, горещо препоръчвам събитието! Ще е яко!