Security Recommendations...
-
@roofboard Cloudron security is pretty reasonable, but if you're just getting DDOS'd you can block that with a simple script.
I've never used this, but it has a lot of stars and seems to be kept up to date when needed.
-
@ApplegateR Looks like his profile is private cause his profile pic and description still load for me. Weird it shows a 404 instead.
-
@roofboard said in Security Recommendations...:
a wordpress site got hacked...
A few questions:
Who did you piss off?
Which WP Cloudron App were you using?
Were updates enabled? For the plugins too?
What was changed during the hack?
Why is it a headache? (Other than it happening)
Have backups pre-hack to restore? Easy-peasy?
As @murgero said, Cloudron was designed to mitigate these types of things in many ways, and getting back online is much easier thanks to that.
-
@roofboard Are you using Sucuri or Wordfence for that site? You might want to consider their premium offerings for DDOS protection and post-hack services.
Either way, you need to figure out how they got in. Most likely it's a corrupt plugin.
-
@humptydumpty said in Security Recommendations...:
Wordfence
+1
The first thing I do with any new WordPress site is to install Wordfence.
-
@humptydumpty said in Security Recommendations...:
for that site?
Thanks for all the replies, yes I am using Wordfence. The whole story is that I had just spun up and was working on a new website and (the big admit) never changed the default password.
So @robi I think I just got picked up by a crawler. I caught the hack in a matter of hours, rolled to a backup and rolled passwords pretty quickly. Then I installed Wordfence....
In the meantime it got me thinking... If I was a hacker and was able to get into xxx.aaa.bbb.ccc then I would try again on every port. So while it is easy to install a firewall and get monitoring on WordPress....
How do I get that monitoring for the whole server? It is a rude awakening when your VPS provider wakes you up with an unusual traffic notice....
-
Another case that would have benefited from Custom Default Password ^^ Hope you learned from your mistake @roofboard :<
-
@roofboard afaik, Cloudron has built-in security for all the various ports that might be open. I don't think you need to install anything else as Cloudron does it all. I know I automatically set ssh to allow only a non-root sudo user to login with only a key, but Cloudron has had no problem installing around that.
-
@roofboard said in Security Recommendations...:
So @robi I think I just got picked up by a crawler. I caught the hack in a matter of hours,
Yep, can't be lazy, as botnets are scanning the entire IP space for targets constantly.
And yes, many revisit previous active targets for more interesting exploits for a short time before moving on.
So order of operations and not skipping crucial initial steps is important.
It happens. Lesson learned.
Could have been worse if you were not on Cloudron.
-