
Forum Moderators: ergophobe


Brute force attacks on Joomla sites

   
12:05 pm on Sep 4, 2013 (gmt 0)

WebmasterWorld Senior Member lorax is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



A few months ago, WordPress was the first target. Now Joomla sites are undergoing brute force password attacks.

[blog.sucuri.net...]
12:34 pm on Sep 4, 2013 (gmt 0)

WebmasterWorld Administrator 5+ Year Member Top Contributors Of The Month



After having WordPress hacked once 5 years ago, we serve 403 Forbidden for all requests to the admin login page not coming from our IP subset.

If you have a static or sticky IP range, this may greatly reduce hacking risks.
1:45 pm on Sep 4, 2013 (gmt 0)

WebmasterWorld Senior Member lorax is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



We deny all except our own IPs or IP blocks for our local service providers (so our faculty and staff can work from home). I keep researching and tweaking the installs to make them tighter and stronger.
1:56 pm on Sep 4, 2013 (gmt 0)

WebmasterWorld Senior Member billys is a WebmasterWorld Top Contributor of All Time 10+ Year Member



Password protect the administrator directory using .htaccess. You can do this in Joomla, I don't think you can in WordPress.
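
The two measures described in the posts above (an IP allowlist for the admin login and .htaccess password protection of Joomla's administrator directory), combined as an added example that does not come from any poster in this thread. It assumes Apache 2.4 with `AllowOverride AuthConfig` enabled for the site; the IP ranges and the password file path are placeholders.

```apache
# administrator/.htaccess
# Added example for Apache 2.4 (mod_authz_core, mod_authz_host, mod_auth_basic).
# Placeholder values: 203.0.113.0/24 and 198.51.100.17 are documentation
# addresses; replace them with your own office or ISP ranges.

# HTTP Basic authentication in front of the Joomla login form.
# Basic auth sends credentials base64-encoded, so serve the back end over HTTPS.
AuthType Basic
AuthName "Restricted area"
# Placeholder path: keep the password file outside the web root.
# Create it with: htpasswd -c /path/outside/webroot/.htpasswd <username>
AuthUserFile /path/outside/webroot/.htpasswd

# A request must satisfy BOTH conditions: come from an allowed
# address AND present valid Basic auth credentials.
<RequireAll>
    <RequireAny>
        Require ip 203.0.113.0/24
        Require ip 198.51.100.17
    </RequireAny>
    Require valid-user
</RequireAll>
```

To use only one of the two measures, drop the `<RequireAll>` wrapper and keep either the `Require ip` lines or `Require valid-user` with the `Auth*` directives.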
1:12 pm on Sep 9, 2013 (gmt 0)

10+ Year Member



There is at least one extension that allows you to modify the back end URL.

The one I use allows you to set it up so that the admin URL is

www.mysite.com/administrator/index.php?yoursecretword instead of www.mysite.com/administrator

If you don't put the parameter in, it will simply return you to the homepage.

That has an added benefit in that the script kiddies will usually not keep attacking and sucking your resources if they can't get to the login page.