Group Admins

CBOX Classic Support

Public Group active 4 months, 3 weeks ago

This group provides support for Commons In A Box Classic, our original software for community-building. Register for an account or log in to commonsinabox.org, then join the group and post your question here.

Security threat – reeived a notice from my host of massive bot attacks

Viewing 8 posts - 1 through 8 (of 8 total)
  • Author
    Posts
  • April 24, 2013 at 4:02 am #2547
    Helene Finidori
    Participant

    Hi I received a notice of :

    “A large distributed brute force attack against WordPress websites is understood to be occurring recently across the internet. A large botnet with thousands of attacking servers is attempting to log in by cycling through different usernames and passwords to get into the WordPress Admin dashboard. This is a global attack which is affecting thousands of servers globally”

    Among the precautions on passwords, and Ips and server protection on the server end is the installation of the two following plugins:

    http://wordpress.org/extend/plugins/limit-login-attempts/
    http://wordpress.org/extend/plugins/better-wp-security/

    Are these safe to install on the standard CBox theme? Is anyone running them? We would like to do this sooner rather than later. Thanks.

    Helene

    April 25, 2013 at 4:57 am #2560
    Ray
    Keymaster

    Limit Login Attempts appears to be too old and not effective:

    http://wordpress.org/support/topic/scary-limit-login-attempts-lockout-bypassed/page/2#post-3498909

    Some people in that thread recommend this instead:

    http://wordpress.org/extend/plugins/login-security-solution/

    April 25, 2013 at 6:23 am #2563
    Helene Finidori
    Participant

    Thanks @Ray, so I will go ahead with this one.

    Should we add http://wordpress.org/extend/plugins/better-wp-security/also? It seems this second one was updated a few days ago, and takes care of modifying some WP routes that hackers/spammers may take, making it more difficult also. what caught my attention also was the renaming of admin accounts which seem to be the target…

    Thanks!

    April 25, 2013 at 12:02 pm #2564
    Brock Nanson
    Participant

    I’ve got Better-WP-Security working side by side with WordFence on a BuddyPress (but non-CBox) site without any apparent issues. I’d say that WordFence functions more like a firewall, while Better-WP-Security is more directed to locking down vulnerabilities on your site (admin accounts etc.). ย Both have value and if you can get them going without breaking anything else, I don’t see a downside!

    April 27, 2013 at 12:36 pm #2577
    Helene Finidori
    Participant

    Thanks @brock-n WordFence indeed seems quite powerful.

    Would WordFence + Better wp security work together with Wanguard? I suppose they are three different things, Wangguard working on the origin of the threat…

    April 27, 2013 at 1:40 pm #2578
    Brock Nanson
    Participant

    I’ve been using WangGuard without any apparent conflicts with the other two packages, but on a non – CBOX site (just buddy press). Give it a try! ๐Ÿ™‚

    April 27, 2013 at 2:01 pm #2579
    Helene Finidori
    Participant

    Thanks @brock-n ๐Ÿ™‚

    June 4, 2013 at 11:29 am #2833
    Helene Finidori
    Participant

    Just to let you kow, after installing better-wp-security and changing my username from admin to something else, that I lost all my friendships, access to my personal activity (though still appearing in general activity) and access to groups (which was not much of a problem as I could join the public ones and self promote myself to admin. For hidden ones I had to ask someone to reinvite me in.

  • Author
    Posts
Viewing 8 posts - 1 through 8 (of 8 total)
  • You must be logged in to reply to this topic.