You must be logged in to post Login


Lost Your Password?

Search Forums:


 






Minimum search word length is 4 characters – Maximum search word length is 84 characters
Wildcard Usage:
*  matches any number of characters    %  matches exactly one character

Home Yakezie Forums Bloggers Lair 'Brute Force' attack underway–suggestions?

'Brute Force' attack underway–suggestions?
Print this Topic
Page:   1  
UserPost

6:39 am
January 3, 2014


Money Counselor

Member

posts 233
Print this Post
1

Hi folks,

My 6Scan plug-in has sent me two of these messages in the past 8 hours:

 
The 6Scan Security plugin on your site at http://mymoneycounselor.com has locked out one or more IP addresses based on your lockout preferences: 

  • 188.143.234.53 is locked out for 60 minutes due to 5 failed login attempts within 1 minutes. The following usernames were tried: admin, admin, admin, admin, admin, admin.

 

I'm glad the plug-in is doing its job, but I'm nervous that the would-be hacker will eventually succeed. Does anyone have suggestions for further defense I might take?

Thanks!

Make Better Money Decisions

Facebook  Twitter  Google+  RSS

kurt@mymoneycounselor.com

8:47 am
January 3, 2014


debtroundup

Raleigh

Member

posts 190
Print this Post
2

I used to have this problem each and every day.  They were trying to brute force their way in about 1000 times an hour.  It was crazy.  I decided to lock down my login page with htaccess.  There are quite a few writeups around the web about doing so.  It is fairly easy to do.

 

If your username is admin, then you really need to change it.  That is more complicated and you would need to create a new user, move all of the posts to that user, then delete the original.  Then you have to do some database work to complete the migration.  It takes some time.

 

You can reach out to me if you have any more questions.

Debt Roundup | Sprout Wealth | Empowered Shopper

Connect with me on Twitter and Facebook

8:57 am
January 3, 2014


Money Counselor

Member

posts 233
Print this Post
3

debtroundup said:

I used to have this problem each and every day.  They were trying to brute force their way in about 1000 times an hour.  It was crazy.  I decided to lock down my login page with htaccess.  There are quite a few writeups around the web about doing so.  It is fairly easy to do.

 

If your username is admin, then you really need to change it.  That is more complicated and you would need to create a new user, move all of the posts to that user, then delete the original.  Then you have to do some database work to complete the migration.  It takes some time.

 

You can reach out to me if you have any more questions.

Thanks again Grayson. I did some time ago go through the steps to change my username, so that's been done. Sounds like the attack on Money Counselor is pretty feeble compared to what you've experienced, so think I won't worry too much. I did learn from iptrackeronline.com that one attack originated in the Ukraine, one in St. Petersburg, Russia.

Make Better Money Decisions

Facebook  Twitter  Google+  RSS

kurt@mymoneycounselor.com
Page:   1  
Topic RSS

About the Yakezie.com Forum

Forum Timezone: America/Los_Angeles

Forum Stats:

Groups: 2
Forums: 9
Topics: 6383
Posts: 84794

Membership:

There are 13651 Members
There have been 20 Guests

There are 9 Admins
There are 8 Moderators

Top Posters:

My Personal Finance Journey – 3159
Khaleef @ KNS Financial – 3149
Budgeting in the Fun Stuff – 3048
Sustainable PF – 2759
Miss T @ Prairie Eco-Thrifter – 2213
Eric – PersonalProfitability.com – 2120

Administrators: The College Investor (1935 Posts), Financial Samurai (1803 Posts), LaTisha @YoungFinances (1715 Posts), Forest Parks (1337 Posts), 20s Finances (1147 Posts), Money Reasons (697 Posts), Chris Johnson (78 Posts), Sydney at Untemplater (0 Posts), Suba (0 Posts)

Moderators: Suba @ Wealth Informatics (1876 Posts), sooverthis (1041 Posts), PK @ DQYDJ (361 Posts), jmichelsen (208 Posts), Ramona (13 Posts), JeremyNJohnson (4 Posts), Moderator (0 Posts), rackgeek (0 Posts)