homepage Welcome to WebmasterWorld Guest from 54.211.97.242
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member
Home / Forums Index / Code, Content, and Presentation / Content Management
Forum Library, Charter, Moderators: ergophobe

Content Management Forum

    
Brute force attacks on Joomla sites
lorax

WebmasterWorld Administrator lorax us a WebmasterWorld Top Contributor of All Time 10+ Year Member



 
Msg#: 4607218 posted 12:05 pm on Sep 4, 2013 (gmt 0)

A few months ago, WordPress was the first target. Now Joomla sites are undergoing brute force password attacks.

[blog.sucuri.net...]

 

aakk9999

WebmasterWorld Administrator 5+ Year Member



 
Msg#: 4607218 posted 12:34 pm on Sep 4, 2013 (gmt 0)

After having Wordpress hacked once 5 years ago, we serve 403 forbidden for all requests to admin login page not coming from our IP subset.

If you have s static or sticky IP range, this may greatly reduce hacking risks.

lorax

WebmasterWorld Administrator lorax us a WebmasterWorld Top Contributor of All Time 10+ Year Member



 
Msg#: 4607218 posted 1:45 pm on Sep 4, 2013 (gmt 0)

We deny all except our own IPs or IP blocks for our local service providers (so our faculty and staff can work from home). I keep researching and tweaking the installs to make them tighter and stronger.

BillyS

WebmasterWorld Senior Member billys us a WebmasterWorld Top Contributor of All Time 10+ Year Member



 
Msg#: 4607218 posted 1:56 pm on Sep 4, 2013 (gmt 0)

Password protect the administrator directory using .htaccess You can do this in Joomla, I don't think you can in Wordpress.

cmendla

10+ Year Member



 
Msg#: 4607218 posted 1:12 pm on Sep 9, 2013 (gmt 0)

There is at least one extension that allows you to modify the back end url..

The one I use allows you to set it up so that the admin url is

www.mysite.com/administrator/index.php?yoursecretword instead of www.mysite.com/administrator

If you don't put the parameter in it will simply return you to the homepage

That has an added benefit in that the script kiddies will usually not keep attacking and sucking your resources if they can't get to the login page.

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Code, Content, and Presentation / Content Management
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved