Welcome to DU! The truly grassroots left-of-center political community where regular people, not algorithms, drive the discussions and set the standards. Join the community: Create a free account Support DU (and get rid of ads!): Become a Star Member Latest Breaking News Editorials & Other Articles General Discussion The DU Lounge All Forums Issue Forums Culture Forums Alliance Forums Region Forums Support Forums Help & Search

Open Source and Free Software

CloudWatcher

(2,056 posts)

1. WordPress fun

Reply to Rocknation (Original post)

Fri Jan 20, 2023, 01:32 AM

Jan 2023

Some months ago, installed WordPress on a Linode virtual server ($5/month).

A couple of weeks porting our site over to it from Wix. Looking cool.

Ran 'tail -f' on the logfiles.

Continuous stream of bots attempting to break in. Old WordPress script hacks, ssh brute-force login attempts. Ugh.

Spent the next couple of days tightening up all the hatches.

Finally running clean. Only gitch was when I upgraded to newer PHP and Apache needed a swift kick.

Still stunned at how quickly the bots found my new WordPress site. If I had more time I'd do a controlled
install on a new machine and try and see where in the installation steps the bots started to arrive. I suspect
the bad guys have access to something central ... e.g. a log at WordPress that shows checks for updates. Dunno.

Edit history

Please sign in to view edit histories.

Recommendations

0 members have recommended this reply (displayed in chronological order):

1 replies

= new reply since forum marked as read

Highlight:

The WordPress Re-Installment That DIDN'T Happen [View all] Rocknation Jan 2023 OP

WordPress fun CloudWatcher Jan 2023 #1