How to prevent Chinese hackers?

I have been struggling with users from China signing up on my site. My host provider gave me this website to get the code to block all of their IP addresses but I don't know where to put the code. http://www.parkansky.com/china.htm

Can you please tell me where to put this code to best protect my site? Thanks.

  • Kimberly
    • Champion of Loops

    Hey there!

    It looks as if you would need to place it in your .htaccess file.

    If you're not comfortable doing that I'd suggest you get some help, or contact your host about your concerns, as they should be helping to protect you from their end.

    Best,

    Kimberly

  • Tom Eagles
    • Syntax Hero

    @bee_bixby

    You would need to modify your .htaccess file.

    See the Apache documentation here.

    http://httpd.apache.org/docs/1.3/howto/auth.html#allowdeny

    Depending on your hosting package, they may have something like fail2ban installed also; ask them about what server-side security measures they can add.

    On the WordPress level, using the following will stop almost everything getting through.

    Antisplog
    Wordfence
    AVH First Defence

    Make sure all forms have some security on board that checks for auto submission; something like reCAPTCHA can help loads here also.

    Feel free to come back with any further questions if you have any.

    Cheers

    Tom

  • bee_bixby
    • WPMU DEV Initiate

    Thanks folks.
    Kimberly I tried to find that file but couldn't find it. I was hoping someone here could give me a better way to find that file. I am not a developer and as I read through the "beginner" files here, I am not sure I am up to that level yet either.

    Tom, I looked at the antisplog but it is only for a multisite and the other two didn't come up in the search engine.

    I really appreciate the help but can't find what you have suggested. Are there any other suggestions or plugins that might help?

    Thanks again.

  • phillcoxon
    • The Crimson Coder

    AVH First Defence Against Spam:

    http://wordpress.org/extend/plugins/avh-first-defense-against-spam/

    Wordfence is here:


    http://wordpress.org/extend/plugins/wordfence/

    I used it for the first time a few days ago and it is AWESOME. Once installed go to the options page and turn pretty much everything on - have it scan all your files & plugins against the WordPress originals, scan all content inside and outside your wordpress installation.

    Make sure the memory isn't set too high - it seems to default to 256Mb for me but if you click the link at the bottom of the page it will test your server to see how much memory is available. I generally set it to 50Mb.

    Once it runs the scan it will go through just about everything in your account looking for files that may have been compromised or contain Bad Things. It creates a list that you can review and take action on. Note that some tech experience is very handy here when comparing files to see what is changed.

    I cleaned out two client websites with WordPress yesterday and I'm very impressed. In fact, I'm running two scans right now to spot any re-infection in case I missed something (all good so far).

  • phillcoxon
    • The Crimson Coder

    To add the IP address blocking you'll need to edit your .htaccess file which sits in your main website directory. The easiest way to do this is probably using FTP to download the file, copy and paste the lines from the webpage you were given and then FTP the file back into place.

    That will effectively refuse any traffic from those IP addresses.

    If you can give some more detail about what sort of attacks you are suffering we can most likely recommend some other plugins that might be more useful.

    For example, WordFence also has the ability to block visitors who are using scripts to try and guess your username & password. After too many password or login failures their IP address can be blocked automatically.

    Please give more details about the problems you're having and we'll see what we can suggest.
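
An added example (not part of the original post, and not the code from the linked page) of the step described above: a shell helper that turns a list of ranges into a deny block and appends it to `.htaccess` after taking a backup. It uses the Apache 2.4 `Require not ip` form rather than the older `Order`/`Deny` directives in the linked documentation; the function names and the sample ranges in the comments are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. .htaccess is a dotfile, so plain directory listings hide it;
# use `ls -la` (or enable "show hidden files" in the FTP client) to see it.
# Input list format (constructed sample, RFC 5737 documentation ranges):
#   192.0.2.0/24
#   198.51.100.7   # single address

# Emit an Apache 2.4 <RequireAll> block for each valid IPv4 entry on stdin.
build_deny_block() {
    echo '# BEGIN ip-block (added example)'
    echo '<RequireAll>'
    echo '    Require all granted'
    while IFS= read -r line || [ -n "$line" ]; do
        # Drop trailing comments and surrounding whitespace.
        cidr=$(printf '%s' "$line" |
            sed 's/#.*//; s/^[[:space:]]*//; s/[[:space:]]*$//')
        [ -z "$cidr" ] && continue
        # Accept only a dotted-quad shape with an optional /0-32 prefix, so
        # stray text from a copy and paste never lands in the config file.
        if printf '%s' "$cidr" | grep -Eq \
            '^([0-9]{1,3}\.){3}[0-9]{1,3}(/([0-9]|[12][0-9]|3[0-2]))?$'; then
            echo "    Require not ip $cidr"
        else
            echo "skipped invalid entry: $cidr" >&2
        fi
    done
    echo '</RequireAll>'
    echo '# END ip-block'
}

# Append the block to DOCROOT/.htaccess, saving the old file as .htaccess.bak.
# Usage: apply_deny_block /path/to/docroot /path/to/ranges.txt
apply_deny_block() {
    docroot=$1
    list=$2
    ht="$docroot/.htaccess"
    if [ -f "$ht" ]; then
        cp -p "$ht" "$ht.bak"
    fi
    build_deny_block < "$list" >> "$ht"
}
```

Running it twice appends the block twice, so restore from `.htaccess.bak` before re-applying an updated list.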

  • bee_bixby
    • WPMU DEV Initiate

    THANKS Phil. I am running a scan now through Wordfence. You're right - That was Easy! I tried Cloudflare but every once in a while I couldn't get into my site and it told me that I wasn't looking at a live version.

    The other site said PHP 5 is required. Forgive my ignorance but what is that?

  • bee_bixby
    • WPMU DEV Initiate

    Phil,
    You asked about specifics and I see today that the problems I thought were fixed are not. I don't know whether it is technically hacking but I keep getting "new users" from this Chinese website. When I check the IP addresses I can see that there are "uploads" to my site. I don't see that anything was actually uploaded but I thought I could block them from at least subscribing to be a user.

    I did what you suggested yesterday and today they have signed back up.

    Can anyone help?

    Thanks

  • phillcoxon
    • The Crimson Coder

    So when you say new users - you are getting new users in your WordPress install?

    Or are you seeing uploads in your website logs?

    The first thing I suggest is make sure you have a good offsite backup for your site. Back up everything, including your databases, and download it.

    Change all of your passwords - your website FTP, control panel passwords, your WordPress admin passwords. Make sure there are no other mysterious WordPress admin users - if so, delete them.

    Also update your AUTH keys in your wp-config.php file. You need to download it via FTP, edit it and replace those lines with new lines from http://api.wordpress.org/secret-key/1.1/

    Next, go back into WordFence options and make sure you select all the options where it compares the WordPress and plugins source code against the originals in the repositories. This checks every file against the original at WordPress to see if any changes have been made.

    Make sure the options to scan all non-WordPress code inside and outside the WordPress install are checked. This will help pick up any PHP files with nasty backdoor payloads sitting in your website directory.

    Look for files in your home directory called _wp_cache.php or _cache.php or some random alphanumerical combination like 78hr73f.php. If they're obviously not part of your wordpress site then delete them.

    Get your web hosting company involved. If they're any good they should be helping you out. Who are you hosting with?

    WordFence will do 90% of the work if you are doing the full scan. I had two client sites compromised a few days ago and I'm currently running a full WordFence scan on each every day to be sure it's working and I've found everything - so far so good.
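
An added example (not part of the original post) of the manual file check described above: a shell function that lists PHP files whose names match `_wp_cache.php`, `_cache.php`, or a random-looking alphanumeric name such as `78hr73f.php`. The function name, the 6 to 12 character rule for "random-looking", and the extra check for PHP files under `wp-content/uploads` are assumptions added here; the script only reports and leaves the review to you.

```shell
#!/bin/sh
# Added example: report PHP files under a web root that match the name
# patterns from the post. Hits are candidates for review, not proof of a
# compromise; compare each against your known-good WordPress files.

# Print "reason<TAB>path" for every suspicious PHP file under $1, sorted.
find_suspect_php() {
    root=$1
    find "$root" -type f -name '*.php' | while IFS= read -r f; do
        base=$(basename "$f" .php)

        # Exact names called out in the post.
        case "$base" in
            _wp_cache|_cache)
                printf 'known-name\t%s\n' "$f"
                continue ;;
        esac

        # Random-looking name (assumed rule): 6-12 lowercase alphanumerics
        # containing at least one digit and one letter, e.g. 78hr73f.
        if printf '%s' "$base" | grep -Eq '^[a-z0-9]{6,12}$' &&
           printf '%s' "$base" | grep -q '[0-9]' &&
           printf '%s' "$base" | grep -q '[a-z]'; then
            printf 'random-name\t%s\n' "$f"
            continue
        fi

        # Assumption beyond the post: the uploads directory holds media,
        # so a PHP file there deserves a look.
        case "$f" in
            */wp-content/uploads/*)
                printf 'php-in-uploads\t%s\n' "$f" ;;
        esac
    done | sort
}

# Usage: find_suspect_php /path/to/public_html
```

Short legitimate library file names can match the random-name rule, so check each hit before deleting anything.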
