

Possible attack on WordPress Via Doss Attack..and other sites..(Maybe)

  1. bloggingboresme
    Member

    Just got the below email.
    I subscribe to a site that tells me if there are sites that may be under attack. This is the e-mail below. I am just letting you know. I don't know if it is true or not.. I also did this WARNING people to NOT click links!!

    http://prayingforoneday.wordpress.com/2013/04/11/wordpress-security-attack-beware/

    E-mail below. Just in case, I am letting you know.

    Kim here…

    Virtually every web hosting company is currently under attack for the second time this week.

    Earlier this week, a lot of hosts had some outages due to a DDOS attack. That’s something only the host can handle.

    This time however, the attackers are using a Brute Force Login attack and that is making your sites very vulnerable. (I mentioned WordPress but this actually could easily affect any hosted script.)

    If you’re not already using a WICKED GOOD password, now is the time to fix that.

    And if you still have an account on your blog with the user ID of “admin” now is the time to fix that!

    I would advise installing the free, stable, well-trusted plugin called “Login Lockdown” as well. It’s a well known security plugin but I feel it’s highly needed at this moment. Even if you don’t usually bother with security. Install & activate and it works instantly.

    (You can safely ignore that this plugin is old. This one is not a risk. There’s simply been no need to update it as it works so well.)

    More details. http://blog.hostgator.com/2013/04/11/global-wordpress-brute-force-flood/

    As soon as I get this email out to you, I’m going to write a blog post about Login Lockdown. You’ll find it at http://just-ask-kim.com/wp-login-lockdown/ as soon as it’s finished.

    In Service To Your Safety
    ~ Kim ~

    PS: Got questions? Drop by my Facebook Page wall and jot them there and I’m happy to answer as I can… see you there! https://www.facebook.com/Ask.Kim


    The blog I need help with is prayingforoneday.wordpress.com.

  2. I've been seeing brute force login attempts on my client's WordPress sites for over two weeks, so this is old news to me. I'm seeing peaks of 150 per minute on a couple of sites, mine included. What has changed today is that they are not just going after "admin" usernames, they are seriously mixing things up and I've had to change a couple usernames because they were getting dangerously close.

    WordPress.com though has seriously good people on the server side of things and they seriously know their stuff. Very little for anyone here to fear.

  3. Shaun,
    WordPress.com Staff is fully on top of DDOS attacks. Posting this is not helpful. We do not have FTP access and cannot install plugins and what you posted pertains to WordPress.ORG installs. In that regard you can count on the fact that all Staff and all regular Volunteers and all experienced bloggers already know what you shared and even more besides.

    What you have done by posting this is promote a WordPress.ORG blog and that means that uninitiated new WordPress.com bloggers will be clicking in there and be misled.

  4. Don't worry, you're completely safe here. We monitor for these things constantly, and we already limit login attempts.

    However, if you're still concerned, it's a great time to enable two step authentication: http://en.blog.wordpress.com/2013/04/05/two-step-authentication/ :)

  5. @macmanx
    lol :D

  6. Thanks for posting this though.

  7. bloggingboresme
    Member

    Ok I have trashed it.
    I just thought it may be a good idea to let people know, to change passwords. Many have said sites are being attacked. Twitter went down after I got one of these emails last year for an hour or two for many. I thought I was doing the right thing...

    The blog is deleted.
    I am sorry..

  8. It's ok, thank you for thinking ahead and contacting us.

  9. @praying, this isn't a bad thing you did, and don't let anyone tell you it was. It is always good for people to be reminded of security issues. I've made a whole lot of money off of sites that had lax security and ended up getting cracked.

    At WordPress.com, there is far less to worry about in general, but the user's password is still the weakest link, so if people go in and change them to a very strong password, or go for the two-step login @macmanx referenced, it can only make things more secure and in the long run better for all.

  10. bloggingboresme
    Member

    Yeah it's cool :-) Just over helpful (lol)
    I should have (With hindsight) Just posted it here.
    I am PC Tech and know these idiots can and do get in.

    In future If I hear of an @n0n or whoever attack, I will post it here.
    That cool?

    Shaun

  11. completely safe here

    @macmanx - not to argue but all things are relative and even an event that has a chance of 10 to the minus 50 chance in a year of happening does from time to time happen -

    That said I think the last time WordPress.COM had an issue is when there was a world wide attempt to take down Wiki-Leaks and they shared some server farm resources - things slowed down here and the attack graph went off the top like a rocket - but nothing was lost

    The use of a good password is always a good idea however - and it is comforting to know that some of the best server side people work at keeping our sites safe

  12. We are already far more aware than you are of threats to WordPress.com and to WordPress.org security. You post here frequently and have little to no deep content of any kind on your blog. I think you are best served by creating original content for your blog rather than fretting over this stuff.

  13. The whole nine yards when it comes to security provisions for WordPress.com bloggers is here > http://en.support.wordpress.com/security/

  14. not to argue but all things are relative and even an event that has a chance of 10 to the minus 50 chance in a year of happening does from time to time happen

    True, I guess what I meant is that we're always on the lookout for these things and ready to act to the extent of our abilities if/when they do happen.

  15. bloggingboresme
    Member

    TimeThief who was that aimed at?
    Seems a bit cruel :-) LOL!!

  16. If Anonymous decides to attack WordPress.com, I will deal with it. WordPress.com is actually the host of choice for Anonymous, both because of the security and because of the protections for freedom of speech. Every site on the internet is a possible target for a DDoS attack, but the way WP.com is set up is naturally resistant to such attacks.

  17. @Sahun
    It was aimed at you and I do admit that it was a bit sharp. Having said that, I apologize for not saying the same thing in a warm and fuzzy way. But stand by what I said. I truly think it's in your best interest to start developing some content that has some depth to it. The reason why I say that is that bloggers who do not uncover their passion and start blogging it are lost by the wayside very quickly. Did you know that the vast majority of all blogs founded today will be either abandoned or deleted in less than one year? My best advice is to uncover your passion and focus on blogging it so you are still blogging a year from now.

  18. Oh Nerts! I misspelled Shaun's name. I'm sorry. :(

  19. @macmanx - I know that WordPress.COM never sleeps and the security and reliability are always alert and doing a great job - for you the stakes are too high to do anything less than the best job possible - but the word "completely" was just too big of a softball over the plate to resist

    the reliability and the tech service was one of the big reasons I moved my site here - much less for me to worry about

    Keep up the good work!!

  20. bloggingboresme
    Member

    TimeThief I never get insulted nor angry, I love this place. And if I can be honest for a second. ANY TIME I have posted here, it has been a Question about Word Press as I am no expert on Word Press.

    Telling me to

    "You post here frequently and have little to no deep content of any kind on your blog. I think you are best served by creating original content for your blog rather than fretting over this stuff"

    Was both very rude and utterly out of order. I have always came here, asked a question, been nice, tried to ask simple questions about things I was stuck with..

    Is this how Word Press treat all people who would rather ask a question than make a mistake and break their blog?
    You say I have nothing on my blog? I have 30+ awards.. I am Disabled, I care, and I would NEVER be as rude as you.. I am sorry, but I, unlike you I do say things in a "Warm Fuzzy Way", as being nasty and having a go at a disabled person's blog is a bit out of order.

    I have thanked you MANY TIMES in the past for your help. This is support, its job is to help. I used and paid for the Pro account for a year while blogging sport and was thinking of paying to go pro with this Blog. But as a disabled person, to be told my blog has no "deep content of any kind" I will think twice..

    I won't bother Word Press Support again, and I am sorry for coming here TimeThief and ruining your time with my Questions. If you are part of Support, then you are poor at it. If you are not part of Support, then I suggest you don't comment on things, as that was just utterly, utterly degrading !!!

    Kindest Regards and sincere apologies for wasting your time
    I won't come here and annoy you again with my poor blogging.
    Shaun

  21. @shan - write what you like - your blog - your time - your audience - pay no attention to the peanut gallery on what to write - I used to do news clippings and email them to friends - had I known what a "blog" was back then I would have maybe put them on a blog - then people would have whined that all the content was just clippings and links to news stories - what we now call ReBlog - but the people that got the emails were happy for me to search out the stories for them -

    so do what you want - if you are not having fun you are doing it wrong

    good luck

  22. bloggingboresme
    Member

    Also TimeThief
    Check: http://prayingforoneday.wordpress.com/?s=Disabled&submit=Search

    I have done around 170 blogs of my own.
    I did over 1,000 as a Sports Reporter using Pro WordPress.
    Next time you decide to give me moral advice on my SHIT blog.
    Please at least read my blog. And have a look why I get award.
    Because I give a dawn about other people who are disabled and in pain.

    I am very angry at your reply to me. Truly.
    I am Insulted.

    Your
    @macmanx lol :D
    Was you mocking me, through another member,
    I may be Scottish and Disabled but I am not stupid.
    As suggested here in a blog I did today, Scottish people are not so stupid.
    Please read and judge if you choose.
    http://prayingforoneday.wordpress.com/2013/04/11/what-the-scottish-invented/

    Unreal, honest. 10 posts in here as I was unsure of the free version. And you attack me on my blog. Are you a writer? Do you get paid here? Should I mock Miss Perfect here?

    To the owners, Admins I am Truly sorry for this reply.
    But as someone who was a PAID Sports reporter and used WordPress I find it astonishing this type of action and blatant being nasty is "OK"...
    For me it is not..
    I lose a lot of respect for you Mrs Time, You helped me many times.
    Your first answer saying I wasn't helping was MORE than enough to tell me I was wrong. I deleted the blog there and then.

    So please, take a second to read a few of my blogs or poems and come back and tell me I need to focus on my Original Content.

    Sad.

  23. bloggingboresme
    Member

    auxclass
    Thank you.
    As I said, WordPress I love.
    It saves my life.

    The reason it saved my life is in one of my blogs.
    To be told my blogs are rubbish and have her "Wink, Nudge, Smile" to mock me was, well, VERY sad.

    I love this place.
    Without it, my disability would be worse.
    This gives me an outlet to care and share and I do help many.
    I do not understand nasty. Or being nasty.

    So to answer, I am very happy here.
    I just don't get the reason for the attack on me after stating I should not have posted the blog (I deleted right away) Then she came back again at me.

    I am a paid writer for a few online sports sites.
    I love to write. To be told I am rubbish is insulting, rude, hits my pride as a disabled person. But discrimination I live with, If SHE TRULY has read 170 blogs to know my writing she would know I am disabled.

    Regards
    Shaun

  24. To be fair, timethief and everyone here without a grey background behind their name to the left (like mine) is an unpaid volunteer giving up their free time to help wherever they can, but I do understand if you took offense, however I think her "lol :D" to me was just for promoting our recently launched two site authentication.

    You can always reach out to us directly via http://en.support.wordpress.com/contact/

  25. bloggingboresme
    Member

    I am thankful for your reply macmanx, and it is great Miss Time would take FREE time to insult people the way she did here.
    She is perhaps your friend? So you are right to stick up for her.

    For me the matter is over, I have been honest, like TimeThief who is obviously the best blogger here. I am insulted heavily. And I am glad you can see why.

    Sadly this will sour my Time here from now on....
    As I have been an Admin, A mod and a helper.
    In fact I volunteer here myself : http://wordpresschat.wordpress.com/ I am trying to learn the free version almost backwards here, so I don't have to come to the (Crazy as it sounds) Support area.

    So I give my free time also to many to help here. I just spent two hours helping a member embed a video here: http://willowdot21.wordpress.com/2013/04/11/awards-and-thank-yous/
    And I got thanked for it..
    There is an issue with Youtube links with many users just now. If you read my replies you will see what the issue is, this was one I did come here to ask for help on, but figured it out myself. As a PC Tech, you do tend to be able to find a workaround to issues.
    If not, I come here. And timethief has helped me many times.
    I obviously annoy her, but the issue is not with me.
    I don't understand nasty...

    I am sorry again for being angered. But I just showed this to several friends on here, I never said a word, and all said "Why was TimeThief so nasty"

    Ach..As they say in Scotland "It will pass with the Rain" :-)
    Really, no worries. I am angry, but won't allow to make me cry.

    I think a sorry would be nice.

    Thank you.
    Shaun

  26. bloggingboresme
    Member

    On reflection with time to put things into context. That being "This is not real life"

    I would like to celebrate with you all something I did 1 week ago today. It was suggested I was unhappy here. MY GOD!! Nobody could be further from the truth. I realise you deal with questions so ridiculous and easy to answer for you, it must drive you crazy. and not to others who like me are almost new to this version of Word Press. It can be annoying sitting day after day answering the same questions when people could search for the answer and not bother people. I have been there, I almost had a stroke. Truly, the admin all laughed and joked because the simpletons could not grasp something they themselves could answer before you could utter the phrase "I pity the fool" So I get frustration.

    So, anyway, its been said, I maybe over reacted, but the statement made was in VERY bad taste and really poor. I stand by that.

    So I would *From the bottom of my heart* truly, be HONOURED if everyone in this debate could PLEASE accept this award
    http://prayingforoneday.wordpress.com/2013/04/02/word-press-family-award/
    I created it one week today (Ish)
    It states:

    "This is an award for everyone who is part of the “Word Press Family” I start this award on the basis that the WordPress family has taken me in, and showed me love and a caring side only WordPress can. The way people take a second to be nice, to answer a question and not make things a competition amazes me here. I know I have been given many awards, but I wanted to leave my own legacy on here by creating my own award, as many have done before. This represents “Family” we never meet, but are there for us as family. It is my honour to start this award"

    This is how much I love this place, I even created an award that is now flying about like Drones in the USA.
    I would also, if I can, like to share this with you.
    As we are all part of an extended family of help, caring and sharing.
    Blog: A blog I would like to share

    Any feedback would be AMAZING.

    Also as well as the award, I thanked YOU!
    Something I wrote with TimeThief in mind :-)

    So, I was perhaps a bit "Scottish" there for a bit.
    So I apologize unreservedly. But the comment was poor. But I forgive, there is no need for a sorry. Really it is cool. As said, some here are volunteers for Word Press, same as me, I work free here also.

    So lets all be best friends, and please accept my award.
    Truly I do love this place. I will end up paying to go Pro, not that my payment alone will throw Word Press into the status of Global Leaders in the financial markets :-) (That was a joke)

    Joking aside, it was a disgusting thing to say and horrible to read, knowing none of my blogs, the way I think, how much I help etc had never once been looked into by the person saying the rude comment.

    But..I am Scottish.
    lets get drunk eh..
    As I am a moderator here, for the site: Me working the ongoing YouTube issue many are having

    Kindest Regards to all
    Shaun :-)
    I wish you all well. Really.
    I am on medication, sometimes I take things differently.
    I am sorry for this. I am now off the feeling of the medication "Although it is 03:30 and I can't sleep due to pain :-) "

    The Word Press Family

  27. Are you going to keep posting until you get an apology? Because that's not really going to work.

  28. bloggingboresme
    Member

    No mate. I am not going to keep posting till I get a "Sorry" as I said above I don't want one.
    Here: http://prayingforoneday.wordpress.com/2013/04/12/chronic-pain-syndrome-sleeping-patternspain-god-and-much-more/

    As a Word Press user this is how I feel this second. This is not your fault, it is just the nature of the beast, what I have. It is not cool. Had you read my post you would have not had to write this one. As I did say.
    I still think the remark was wrong.
    But I am in a worse place right this second. It happened, it is gone, I have moved on. Can we all do that please?

    I don't care to become the bad man for trying to help then getting abused for it in front of god knows how many people. I want to leave it here. You're the boss, boss..
    I just can't believe the comment was made. It was so ignorant.
    But please, read the blog above, I mean it with all my heart. If you don't believe me read some of my blogs. You are guessing on me here, presuming even. I am not a bad person. This thread I started and then got abused for trying to help isn't helping my cause here, not your customer service.

    As I say, you're the boss.
    Again I am sorry, and please read the blog I sent.
    I am just stunned.. I am the bad guy?
    Why?

    Kindest Regards
    Shaun

  29. bloggingboresme
    Member

    PS, my two posts...
    I replied to macmanx
    Then I said "On reflection"

    Then you posted.
    Then I posted twice more.
    Can we leave it here? Please Sir/Madam

  30. bloggingboresme
    Member

    PSS:
    I would be happy if you could just delete this entire post/thread
    Could you do that? And we can pretend it never happened, then all get with life?
    Please?

Topic Closed

This topic has been closed to new replies.
