Trick to use against idiots who try to hack your site

TL:DR version: some examples of how some lifewaster hacker-wannabes try to gain unauthorised access to sites and blogs and how you can simply and effectively block them

Obviously, some people have too much time on their hands, and don’t appreciate life enough in order to do something useful with theirs, so they spend hours and days trying to hack into other people’s servers, websites, and webapps. How do I know this ? Well, this year only, I’ve found and filtered out over 300 IP addresses and user agents, behavioral patterns and 404s (not found messages) in the logs of THIS SITE ALONE (I manage several sites and blogs, both for myself and coworkers and some companies, all on different servers), that have all indicated that some idiots spend hours a day trying to hack into wordpress, joomla, and other CMS (content-management system) based sites.

Some of the IP addresses clearly indicate that they do have some serious resources at their disposal, like hacking attacks coming from datashack.net, a company or hosting service with several thousands of IP addresses, or ovh.net, again, with several hundreds of IPs at their disposal. Some of the log entries (see some examples below) clearly indicate that they either have no clue how a webserver actually operates, or they base their attacks on outdated information from 10 years ago, when hacking into a server was possible simply by knowing what components the CMS has and looking for ones that can be exploited via SQL injections or concurrent command executions.

Obviously, almost all major CMS engines are constantly being improved, and security flaws are consistently being patched by all well-known platforms, however, it looks like some of these life-wasters and hacker wannabes haven’t found out about that and try EVERY DAY the same tactict, the same M.O (modus operandi), on THE SAME SITE, in some cases from the same IP address. Now if that is not a good example of insanity, I don’t know what is 🙂

Read more