So The Canadian Finance Site has been under attack for a long time from various nasty folks out there, however, I now have finally at least figured out how to identify who (or some of who) are doing this. The importance of Security in your web site is number 1.
The easiest way to stop these attacks, and increase security, is by updating the .htaccess file for the site and add the following code snippet:
## IP-ABUSE-LOOKUP
Order Allow,Deny
Allow from All
Deny from 209.85.238.213 188.134.33.64 209.85.238.216 66.249.67.146
Deny from 178.178.10.40 95.108.150.235 58.63.241.209 209.85.238.201
Deny from 175.42.13.20 27.159.199.71 204.12.228.34 5.9.7.208 199.58.86.206
Deny from 120.43.20.237 59.58.137.5 119.131.99.162 204.12.247.34 64.31.32.131
Deny from 120.43.4.134 24.36.243.139 183.5.140.189 219.154.133.225 220.180.62.187
Deny from 96.22.53.162
Deny from 174.0.25.72
Deny from 117.26.85.214
Deny from 112.111.175.177
Deny from 27.159.253.234
This is an example of my current .htaccess file, and I keep adding addresses as I sort out who is attacking my site. I learned about this file from my Hosting Service Provider Dreamhost, so thanks to them. Your service provider should help you with your site security.
There is a very useful plug in called Redirection which I first installed to help me with my “resurrect the dead” program (I’ll write about that here at a later date). I installed it, but it also logs “odd” access to your site, and from those logs I have collected IP addresses of very questionable attack sites. I suppose I should reverse look up the addresses to see if they are legitimate, but I can’t be bothered right now.
This is only a partial list, I have added many more IP addresses, and currently I use Filezilla to FTP the .htaccess file from my site, edit it on my PC (adding new addresses) and then putting the new .htaccess file back on my site. If your Service Provider offers an easier way to do this, I would strongly suggest using it.
This hasn’t stopped my site from getting pounded, but it can’t hurt either.
Addendum
A plug in like Wordfence can help a great deal for WordPress sites. It has helped my sites a great deal. Cloudflare also has many useful security deterrents.
Image courtesy of Stuart Miles at FreeDigitalPhotos.net