Dom Latter said:
> I'm a bit late but I just thought I'd comment here - it may be no use
> at all against a real attacker but the greatest threat to most WordPress
> sites comes from scripted attacks - which may well assume a default
> wp_ prefix. Because it works (for the attacker) well enough.
Hmm, given a firewall preventing access to MySQL from outside the VPS,
they still have to get into the WordPress setup, and that is almost
always going to involve getting into (or making, via a privilege
escalation exploit) an administrator account.
I have changed my WordPress install script to have a different prefix
each time, but I don't think it will actually make any difference, and I
am not going to change the prefix on existing sites.
> To avoid getting eaten by the lion, you don't have to run faster than
> the lion, just faster than the people around you.
Up to a point - that works with a lion, but it's not so successful if
your attacker is someone with a machine gun! :)
The current attack on wp-login is more like that. It has been going on
for about a week - I have upped the fail2ban bantime for this to three
days, and they still come back after that.
If it were any better at getting the right account names, I'd be using
the plugin that ensures password quality as well as limiting the rate of
login attempts.
Ian
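The fail2ban setup Ian mentions (banning hosts that hammer wp-login, with a three-day ban) is not shown in the thread. Below is an added example of what such a jail looks like; it is not Ian's configuration. It assumes an Apache combined access log at /var/log/apache2/access.log and matches every POST to wp-login.php, so legitimate logins count towards the threshold too; the filter name, jail name, maxretry and findtime values are arbitrary choices here.

```ini
# /etc/fail2ban/filter.d/wordpress-login.conf (added example, hypothetical file)
# Counts POST requests to wp-login.php. Apache does not log whether the
# login failed, so every POST counts; maxretry below sets the tolerance.
[Definition]
failregex = ^<HOST> -.*"POST /wp-login\.php(\?.*)? HTTP/.*"
ignoreregex =

# /etc/fail2ban/jail.d/wordpress-login.conf (added example, hypothetical file)
[wordpress-login]
enabled  = true
port     = http,https
filter   = wordpress-login
logpath  = /var/log/apache2/access.log
# five POSTs to wp-login.php within ten minutes triggers the ban
maxretry = 5
findtime = 600
# three days, in seconds (newer fail2ban releases also accept "3d")
bantime  = 259200
```

Check the filter against the live log before enabling the jail with `fail2ban-regex /var/log/apache2/access.log /etc/fail2ban/filter.d/wordpress-login.conf`; if the site sits behind a reverse proxy or CDN, `<HOST>` will be the proxy's address unless the log format records the real client IP, and the ban would hit the proxy rather than the attacker.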