NearlyFreeSpeech: the hosting provider that takes security seriously


You all know how much I love NearlyFreeSpeech; it's one of the best hosting providers out there. Here's one more reason: recently they alerted me to a suspicious number of login attempts to my WordPress site, which usually means someone was trying to hack it.

If you remember the post I did about the RHB bank scam, it's quite common for hackers to inject pages onto a WordPress site to help them carry out banking scams. This was probably something similar.

Fortunately, the guys over at NearlyFreeSpeech were not just kind enough to log the attempts and alert me, but even automatically disabled the login page of the site to prevent something similar happening. Good on them!

NearlyFreeSpeech is a great hosting provider and this just proves my point. Check out the email below:

Hello,

This is to inform you that your WordPress site:

[deleted site name]

hosted on our service is currently the target of high-volume attempts
to guess passwords through its login script.  This typically results
in excessive resource usage and site availability problems, as the
attackers are only interested in using your site’s resources to attack
others; they don’t care if their attempts to do so prevent anyone from
viewing your blog.

To protect your site and our system resources, our system has temporarily
disabled the wp-login.php script on your site.  This will prevent
the attackers from attempting to access your WordPress site, but it
will also prevent you from logging in.

When you next need to log in to your WordPress site, all you need
to do is reset the permissions of your wp-login.php script.  The
recommended permissions for this script are 0644.

This does not mean that your site is compromised, and it is typically
not necessary to take further action or contact us; we are just
letting you know what’s going on and what we’ve done to stop it.

Of course it is always important to keep sites — especially
WordPress — up to date so they will be secure, so if you haven’t
done that in a while, please consider this as a reminder to do so.

Sincerely,
NearlyFreeSpeech.NET Member Support


support@NearlyFreeSpeech.NET
NearlyFreeSpeech.NET Member Support
http://www.NearlyFreeSpeech.NET/
“Not free. Close enough.”

Just how cheap is nearlyfreespeech–around $3.60/month

5 comments


  • This has happened to me as well… multiple times. Is there any way to thwart the malicious login attempts (perhaps by changing login page?)

    • Yes, there are scripts that can hide the login page so it’s no longer the default wp-login.php, though it’s much safer (though less convenient) to disable it.

  • I can’t figure out how to enter the command!! (i.e. chmod 644 /home/public/wp-login.php). Help me!!! 🙂

    • One of the easiest ways to do this is to use WinSCP as your sFTP client. Access your sFTP server, and just change the permissions of your wp-login.php file.

      The other way is to log on via SSH and issue the CHMOD command straight from the command line.

      • Hey. Thanks for getting back to me 🙂 Managed to sort it out myself. I actually just couldn’t even figure out how to enter a shell command through my nearlyfreespeech site control panel thing.

        If anyone else wanders along here: 1. Click on Sites tab across the top (i.e. where it says member home, profile, accounts etc). 2. Click on the ‘short name’ for your site. 3. A list of ‘Actions’ will appear on the right hand side of your screen. ‘Run shell command’ is one of them.