Just had my first brush-up with security... a WordPress site got hacked... what a headache!
Moving on, I am happy that Cloudron is holding up against the subsequent DDoS attack. I seem to be getting pinged now over 200mm times a day, but now I need to start thinking about security. Any recommendations from the community on how to beef up server security while running Cloudron?
There are many subdomains etc. to think about... Maybe this security layer would need to be installed directly on the server, side by side with Cloudron?
a WordPress site got hacked...
A few questions:
Who did you piss off?
Which WP Cloudron App were you using?
Were updates enabled? For the plugins too?
What was changed during the hack?
Why is it a headache? (Other than it happening)
Have backups pre-hack to restore? Easy-peasy?
As @murgero said, Cloudron was designed to mitigate these types of things in many ways, and getting back online is much easier thanks to that.
@roofboard Are you using Sucuri or Wordfence for that site? You might want to consider their premium offerings for DDoS protection and post-hack services.
Either way, you need to figure out how they got in. Most likely it's a corrupt plugin.
Thanks for all the replies, yes I am using Wordfence. The whole story is that I had just spun up and was working on a new website and (the big admit) never changed the default password.
So @robi I think I just got picked up by a crawler. I caught the hack in a matter of hours, rolled back to a backup and rolled passwords pretty quickly. Then I installed Wordfence....
In the meantime it got me thinking... If I were a hacker and was able to get into xxx.aaa.bbb.ccc then I would try again on every port. So while it is easy to install a firewall and get monitoring on WordPress....
How do I get that monitoring for the whole server? It is a rude awakening when your VPS provider wakes you up with an unusual traffic notice....
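The post above asks for server-wide monitoring rather than WordPress-only monitoring. The following is an added example, not code from the thread or from Cloudron: a small detector run over constructed sshd lines in the /var/log/auth.log format. It flags a source IP that exceeds a threshold of failed logins inside a time window, and separately flags an accepted login that arrives from an IP with recent failures (the pattern a guessed default password produces). The IPs, hostnames, year and thresholds are assumptions chosen for the example.

```python
"""Added example (not from the thread): brute-force detection over sshd
auth.log lines. Assumes syslog timestamps without a year, so a year is
supplied; the sample lines below are constructed, not captured."""
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample lines: one password-guessing run that succeeds on
# root, then an unrelated key login from a different address much later.
SAMPLE_LOG = """\
Mar  3 10:00:01 vps sshd[1201]: Failed password for root from 203.0.113.7 port 51000 ssh2
Mar  3 10:00:02 vps sshd[1202]: Failed password for invalid user admin from 203.0.113.7 port 51001 ssh2
Mar  3 10:00:03 vps sshd[1203]: Failed password for invalid user test from 203.0.113.7 port 51002 ssh2
Mar  3 10:00:04 vps sshd[1204]: Failed password for root from 203.0.113.7 port 51003 ssh2
Mar  3 10:00:05 vps sshd[1205]: Failed password for root from 203.0.113.7 port 51004 ssh2
Mar  3 10:00:09 vps sshd[1206]: Accepted password for root from 203.0.113.7 port 51005 ssh2
Mar  3 10:05:00 vps sshd[1300]: Failed password for deploy from 198.51.100.9 port 40000 ssh2
Mar  3 10:30:00 vps sshd[1301]: Accepted publickey for deploy from 198.51.100.9 port 40001 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?P<method>\w+) for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>[\d.]+) port \d+"
)


def parse_line(line, year=2024):
    """Parse one sshd auth line; return None for lines we do not care about.
    The year is an assumption because auth.log omits it."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "result": m["result"], "method": m["method"],
            "user": m["user"], "ip": m["ip"]}


def detect(lines, threshold=5, window_s=60):
    """Return a list of (ip, reason) alerts.

    A sliding window of failure timestamps is kept per source IP. Crossing
    the threshold inside the window raises one alert per IP; an accepted
    login from an IP that still has failures in its window raises another,
    because that is what a successful guess looks like."""
    alerts = []
    fails = defaultdict(deque)
    flagged = set()
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue
        q = fails[ev["ip"]]
        # expire failures that fell out of the window
        while q and (ev["ts"] - q[0]).total_seconds() > window_s:
            q.popleft()
        if ev["result"] == "Failed":
            q.append(ev["ts"])
            if len(q) >= threshold and ev["ip"] not in flagged:
                flagged.add(ev["ip"])
                alerts.append((ev["ip"], f"{len(q)} failed logins within {window_s}s"))
        elif q:  # Accepted with recent failures from the same address
            alerts.append((ev["ip"], f"accepted {ev['method']} for {ev['user']} "
                                     f"after {len(q)} recent failures"))
    return alerts


if __name__ == "__main__":
    for ip, reason in detect(SAMPLE_LOG.splitlines()):
        print(f"ALERT {ip}: {reason}")
```

Run against the real file with `detect(open("/var/log/auth.log").readlines())`; the key-only login from 198.51.100.9 produces no alert because its single failure is long outside the window by the time the accepted login arrives.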
@roofboard AFAIK, Cloudron has built-in security for all the various ports that might be open. I don't think you need to install anything else as Cloudron does it all. I know I automatically set ssh to allow only a non-root sudo user to log in with only a key, but Cloudron has had no problem installing around that.
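The sshd hardening described in the reply above (no root login, key-only authentication for a named sudo user) is easy to get wrong because a distro default left in place silently wins. The following is an added example, not the poster's configuration or anything shipped by Cloudron: it audits an sshd_config text against those settings, honouring sshd's first-directive-wins rule, and shows a weak default-style config beside a hardened one. The sample configs, the user name `deploy` and the treatment of `Match` blocks (not evaluated; the audit stops at the first one) are assumptions.

```python
"""Added example (not from the thread or from Cloudron): audit an sshd_config
for the settings the post describes. Assumptions: first occurrence of a
directive wins (as in sshd), Match blocks are ignored, and the built-in
defaults below follow current OpenSSH documentation."""
import re

# Constructed sample: what a fresh VPS image commonly ships with.
WEAK_CONFIG = """\
#PermitRootLogin prohibit-password
PermitRootLogin yes
PasswordAuthentication yes
ChallengeResponseAuthentication no
"""

# Constructed sample: the hardened form the post describes.
HARDENED_CONFIG = """\
PermitRootLogin no
PasswordAuthentication no
ChallengeResponseAuthentication no
PubkeyAuthentication yes
AllowUsers deploy
"""

# OpenSSH defaults used when a directive is absent (assumed from the docs).
DEFAULTS = {
    "permitrootlogin": "prohibit-password",
    "passwordauthentication": "yes",
    "challengeresponseauthentication": "yes",
    "pubkeyauthentication": "yes",
}

# directive -> (acceptable values, remediation)
CHECKS = {
    "permitrootlogin": ({"no"}, "set 'PermitRootLogin no' and administer via a sudo user"),
    "passwordauthentication": ({"no"}, "set 'PasswordAuthentication no' so only keys are accepted"),
    "challengeresponseauthentication": ({"no"}, "set 'ChallengeResponseAuthentication no'; "
                                                "PAM keyboard-interactive prompts are still passwords"),
    "pubkeyauthentication": ({"yes"}, "set 'PubkeyAuthentication yes'"),
}


def parse_sshd_config(text):
    """Return the effective global directives as {lowercase name: value}.
    Comments are stripped, 'Key value' and 'Key=value' are both accepted,
    the first occurrence of a directive wins, and parsing stops at Match."""
    effective = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        key = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        if key == "match":
            break
        effective.setdefault(key, value)
    return effective


def audit(text):
    """Return a list of (directive, effective value, advice) findings."""
    cfg = parse_sshd_config(text)
    findings = []
    for key, (ok_values, advice) in CHECKS.items():
        value = cfg.get(key, DEFAULTS[key]).lower()
        if value not in ok_values:
            findings.append((key, value, advice))
    if "allowusers" not in cfg and "allowgroups" not in cfg:
        findings.append(("allowusers", "(unset)",
                         "restrict logins to the admin account, e.g. 'AllowUsers deploy'"))
    return findings


if __name__ == "__main__":
    for name, text in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(f"{name}: {len(audit(text))} finding(s)")
        for key, value, advice in audit(text):
            print(f"  {key}={value}: {advice}")
```

Run it on the live file with `audit(open("/etc/ssh/sshd_config").read())`, then `sshd -t` after editing and keep an existing session open until a fresh key login succeeds, so a typo does not lock you out.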
So @robi I think I just got picked up by a crawler. I caught the hack in a matter of hours,
Yep, can't be lazy, as botnets are scanning the entire IP space for targets constantly.
And yes, many revisit previous active targets for more interesting exploits for a short time before moving on.
So order of operations and not skipping crucial initial steps is important.
It happens. Lesson learned.
Could have been worse if you were not on Cloudron.