fbpx
Skip to content

Under Attack but Security in Place

So The Canadian Finance Site has been under attack for a long time from various nasty folks out there, however, I now have finally at least figured out how to identify who (or some of who) are doing this. The importance of Security in your web site is number 1.

Hacking
Under Attack

The easiest way to stop these attacks, and increase security, is by updating the .htaccess file for the site and add the following code snippet:

## IP-ABUSE-LOOKUP
 Order Allow,Deny
 Allow from All
 Deny from 209.85.238.213 188.134.33.64 209.85.238.216 66.249.67.146
 Deny from 178.178.10.40 95.108.150.235 58.63.241.209 209.85.238.201
 Deny from 175.42.13.20 27.159.199.71 204.12.228.34 5.9.7.208 199.58.86.206
 Deny from 120.43.20.237 59.58.137.5 119.131.99.162 204.12.247.34 64.31.32.131
 Deny from 120.43.4.134 24.36.243.139 183.5.140.189 219.154.133.225 220.180.62.187
 Deny from 96.22.53.162
 Deny from 174.0.25.72
 Deny from 117.26.85.214
 Deny from 112.111.175.177
 Deny from 27.159.253.234

This is an example of my current .htaccess file, and I keep adding addresses as I sort out who is attacking my site. I learned about this file from my Hosting Service Provider Dreamhost, so thanks to them. Your service provider should help you with your site security.

There is a very useful plug in called Redirection which I first installed to help me with my “resurrect the dead” program (I’ll write about that here at a later date). I installed it, but it also logs “odd” access to your site, and from those logs I have collected IP addresses of very questionable attack sites. I suppose I should reverse look up the addresses to see if they are legitimate, but I can’t be bothered right now.

This is only a partial list, I have added many more IP addresses, and currently I use Filezilla to FTP the .htaccess file from my site, edit it on my PC (adding new addresses) and then putting the new .htaccess file back on my site. If your Service Provider offers an easier way to do this, I would strongly suggest using it.

This hasn’t stopped my site from getting pounded, but it can’t hurt either.

Addendum

A plug in like Wordfence can help a great deal for WordPress sites. It has helped my sites a great deal. Cloudflare also has many useful security deterrents.

China attack

Image courtesy of Stuart Miles at FreeDigitalPhotos.net

What do you think?

This site uses Akismet to reduce spam. Learn how your comment data is processed.