Please can you recommend a domain registrar that won't treat me like poo and that won't force me to use their name servers so I can host my own DNS? Reasonable pricing and someone that doesn't throw up needless obstacles to leaving would be a plus.
Sent from my Android phone with K-9 Mail. Please excuse my brevity.
On 06/06/2013 21:52, Ian wrote:
> I've got a Fail2Ban jail set up to ban anyone accessing any
> wp-login.php more than five times. It's just triggered a dozen times
> in a minute - there's another major burst of hack attempts going on.
> Especially if you or any clients have an account called 'admin' on a
> WP site - not a good idea, as it's the WP default and thus the
> one hackers go for - you want to watch out.
> (Another eight triggers while writing this...)
I meant to post to the list about this too; I got hit on Tuesday to the
extent that my VPS OOMed.
After working out what was going on and adding to the fail2ban rules,
around 400 different IPs and around 2000 requests to wp-login.php were
blocked over the course of a couple of hours although it's died down
If it helps anyone, my fail2ban filter:
failregex = [client <HOST>] WP login failed.*
[client <HOST>] client denied.*wp-login.php
The first line requires a change to your Wordpress theme to log failed
logins, described here:
The second one comes from adding rules to .htaccess to deny requests
for wp-login.php and wp-admin to anything outside of the IP ranges I
use. The second rule should be sufficient; I added the first one a while
ago and didn't see any harm in leaving it.
The recent WordPress update has reminded me that in the WordPress wiki
page (updated with a couple more tips, BTW) I mention the WP Remote
service which lets you do things like upgrade WordPress on many sites
with a click or two.
When it works, it's great, but I am finding it is not always able to
communicate with my sites. It wasn't working on Saturday, it was on
Sunday, it's not now.
At one point, they were using their own server and a single IP address.
Now they're using AWS and the IP address varies according to whatever
Amazon assign to them at the time.
My suspicion was that assorted nasties are also using AWS, behaving
badly, triggering a Fail2Ban jail one way or another, and this sometimes
leads to WP Remote being caught in the ban when it is assigned the same
IP address as the nasties had.
The problem with that theory is that if I look at the IP addresses that
have been successfully used over the past few months, via looking in the
webserver logfiles, there are three:
.. and none of them are currently being blocked by iptables.
This is affecting both my VPS. Surprisingly few addresses are being
currently being blocked, and none of them look to be anywhere near
those, and I can only spot one in common between the two. And that's
nothing to do with Amazon.
Is anyone else seeing anything similar?
I'm having major issues with Hotmail/Outlook.com junking every single
email (100% transactional) I send from my VPS ('Smartscreen blocked this
email..') and is causing a headache in the form of customer
complaints/support especially as the majority aren't technically
inclined. I haven't had any issues whatsoever from any other major email
providers and I only send a very low email volume (usually less than 500
emails a month in total).
I've done everything I can think of to ensure I'm a reputable sender..
SPF/SenderID, DKIM and Reverse DNS all validate perfectly. Mail server
uses an appropriate HELO, my IP is sparkly clean and not on any
blacklists. Signed up to Hotmail complaints feedback loop, smart network
data services, went through an automatic mitigation procedure which was
apparently successful. The emails I send are mostly just plaintext
alerts/receipts so there isn't really much I can do to make them look
less 'spammy' and more 'hammy'.
I'm still dealing with Hotmail directly to find out what the problem is,
but I was just wondering if anyone might have any suggestions? Have you
experienced this? Perhaps I should just give up and relay mail via a
high reputation ISP such as Amazon SES or something..
Sometimes customers approach their data transfer quota and are
warned, but don't know the best way to see what is going on.
Typically they want a breakdown of bandwidth usage by remote host,
from a single host (their VPS).
I know what I tend to use for this, but I was wondering what the
rest of you use?
I might summarise it into a wiki page that I can show to the next
person who asks.
http://bitfolk.com/ -- No-nonsense VPS hosting
I've got a Fail2Ban jail set up to ban anyone accessing any
wp-login.php more than five times. It's just triggered a dozen times
in a minute - there's another major burst of hack attempts going on.
Especially if you or any clients have an account called 'admin' on a
WP site - not a good idea, as it's the WP default and thus the primary
one hackers go for - you want to watch out.
(Another eight triggers while writing this...)