WordPress Hacking

I always track 404 errors just on general principle – I like to make sure that my WordPress site isn’t having any problems – bad links, and so forth… so imagine my surprise when I crawled out of bed this Saturday, turned on my computer, and spotted this in my email:

404 Errors

I started looking through the emails, and here’s what I found:

False URL: http://benholmesonline.com/join.php
False URL: http://benholmesonline.com/signup
False URL: http://benholmesonline.com/tiki-register.php
False URL: http://benholmesonline.com/sign_up.html
False URL: http://benholmesonline.com/login.php
False URL: http://benholmesonline.com/member.php?mod=logging&action=login
False URL: http://benholmesonline.com/member.php?mod=register
False URL: http://benholmesonline.com/modules.php?app=user_reg
False URL: http://benholmesonline.com/signup/
False URL: http://benholmesonline.com/member/reg.php
False URL: http://benholmesonline.com/reg.asp
False URL: http://benholmesonline.com/logging.php?action=login
False URL: http://benholmesonline.com/CreateUser.asp
False URL: http://benholmesonline.com/login.php?action=quit
False URL: http://benholmesonline.com/bokeindex.asp
False URL: http://benholmesonline.com/bokeapply.asp
False URL: http://benholmesonline.com/signup.php
False URL: http://benholmesonline.com/registration_rules.asp?FID=0
False URL: http://benholmesonline.com/profile.php?mode=register&agreed=true&coppa=0
False URL: http://benholmesonline.com/member/index_do.php?fmdo=user&dopost=regnew
False URL: http://benholmesonline.com/register.aspx
False URL: http://benholmesonline.com/post.php
False URL: http://benholmesonline.com/join_form.php
False URL: http://benholmesonline.com/YaBB.cgi/
False URL: http://benholmesonline.com/YaBB.pl/
False URL: http://benholmesonline.com/member/register
False URL: http://benholmesonline.com/register/
False URL: http://benholmesonline.com/login.php?part=register
False URL: http://benholmesonline.com/blogs/load/recent
False URL: http://benholmesonline.com/User/Register.aspx
False URL: http://benholmesonline.com/member/join.php

They were all coming from IP 221.232.54.46 – which according to Whois records is a Chinese IP:

inetnum: 221.232.0.0 – 221.235.255.255
netname: CHINANET-HB
descr: CHINANET Hubei province network
descr: China Telecom
descr: A12,Xin-Jie-Kou-Wai Street
descr: Beijing 100088

My guess is that some Chinese hacker is trying to get into this website using some automated script.

So what does this tell us? First – make sure you keep an eye on your log files – and 404’s are certainly worth keeping an eye on – not just for hacking attempts like this – but just general website health. You don’t want any 404 errors creeping into your site… and you certainly want to be aware of any hacking attempts such as this one.

If you want to learn more about how to stop hacking attempts (such as the one above) – you can start by reading what WordPress says about Hardening WordPress. You can also install some WordPress security plugins – of which there’s a good selection that you can easily search for.

Another critical strategy is to have backups of your database – mine are emailed to me on a regular basis – so I can always recreate a site if someone gets past the security to hack it. If you take just a little bit of time with website security, you’ll be able to sleep better at night – and won’t suddenly find out that you can’t access your website.

Make sense?

About Ben Holmes

Online since the late '90's, I built my first website in 2001 - coding it on notepad. Times have changed, haven't they? Active on the Warrior's Forum and Facebook - I spend most of my time teaching people how to build their first list - and market to their subscribers. Do you have a list yet?

Leave a Reply

Your email address will not be published. Required fields are marked *