{"id":2477,"date":"2013-04-10T10:25:55","date_gmt":"2013-04-10T15:25:55","guid":{"rendered":"http:\/\/gunscarstech.com\/?p=2477"},"modified":"2013-04-10T10:25:55","modified_gmt":"2013-04-10T15:25:55","slug":"public-service-announcement-blog-under-attack-probably-yours-too","status":"publish","type":"post","link":"https:\/\/gunscarstech.com\/?p=2477","title":{"rendered":"Public Service Announcement: Blog under attack (probably yours, too)"},"content":{"rendered":"<p>I have a WordPress Plugin called <a href=\"http:\/\/wordpress.org\/extend\/plugins\/limit-login-attempts\/\">Limit Login Attempts<\/a> that I&#8217;ve been running for a while. It basically gives a quick and easy way to limit brute force attempts on your WordPress site by blocking IPs that have invalid logins. It&#8217;s pretty configurable for as simple as it is, and one of the things it will do is email you if an IP has been blocked.<\/p>\n<p>My email has been blowing up for the last three days.<\/p>\n<p>This happened in December and January, too. That&#8217;s about the same time as a couple pro-gun blogs were hacked and people were wondering if it was some sort of conspiracy. It&#8217;s not. It&#8217;s just script kiddies.<\/p>\n<p>So do two things today&#8211;<i>today<\/i>&#8211;if you run a WordPress site:<\/p>\n<ol>\n<li><span style=\"line-height: 13px;\">Install Limit Login Attempts<\/span><\/li>\n<li>Rename the default &#8216;admin&#8217; account to something else (and not to your domain name)<\/li>\n<\/ol>\n<p>I&#8217;d say 95% of my invalid login attempts use the admin account. The other 5% use &#8220;gunscarstech&#8221;, &#8220;gunscarstech.com&#8221;, &#8220;qwerty&#8221;, or &#8220;administrator&#8221; to log in. During the last attack, I added all the IPs to my global deny list at my hosting provider. You might want to do the same.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>I have a WordPress Plugin called Limit Login Attempts that I&#8217;ve been running for a while. It basically gives a quick and easy way to limit brute force attempts on your WordPress site by blocking IPs that have invalid logins. It&#8217;s pretty configurable for as simple as it is, and one of the things it [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[13],"tags":[],"class_list":["post-2477","post","type-post","status-publish","format-standard","hentry","category-tech"],"_links":{"self":[{"href":"https:\/\/gunscarstech.com\/index.php?rest_route=\/wp\/v2\/posts\/2477","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/gunscarstech.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/gunscarstech.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/gunscarstech.com\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/gunscarstech.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=2477"}],"version-history":[{"count":0,"href":"https:\/\/gunscarstech.com\/index.php?rest_route=\/wp\/v2\/posts\/2477\/revisions"}],"wp:attachment":[{"href":"https:\/\/gunscarstech.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=2477"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/gunscarstech.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=2477"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/gunscarstech.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=2477"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}