Category: Network Security

One More Check In on WordPress XML-RPC Fail2ban Traps

XML-RPC Attack Traffic

Just putting out an updated chart showing how this has performed through several additional months of operation. I’ve previously covered what’s happening here in detail when I began to sustain a high volume of attacks, when I implemented the fail2ban

Posted in Network Security, Web Security, WordPress

Checking in on the Performance of WordPress XML-RPC Attack Countermeasures

XML-RPC Attack Traffic

Following up on my deployment of WordPress XML-RPC attack countermeasures a few months ago, let’s have a look at how effectively the traps have performed in live operation in the intervening time.

Posted in Network Security, Web Security, WordPress

Countering WordPress XML-RPC Attacks with fail2ban

In my last post I began inquiring into the WordPress XML-RPC attacks I’ve been sustaining here on the site. Since then I’ve been further studying the threat and experimenting with responses, and I have now developed working countermeasures and cast

Posted in Network Security, Web Security, WordPress

Sustaining WordPress XML-RPC Attack Traffic

XML-RPC Attack Traffic

I’ve been experiencing the same increased frequency of attacks against WordPress’ integrated XML-RPC service in recent months as reported by many other site operators. The attacks have been covered well elsewhere, but I wanted to chronicle what I’m seeing and

Posted in Network Security, Web Security, WordPress

Network Attackers: Where In The World 3

SSH Scans by Region

Two previous rounds of analysis using IP geolocation with Whois (Part 1 and Part 2) revealed that 40% to 45% of network intrusion attempts arriving at my public-facing SSH port could be traced back to Chinese hackers, and 20% to

Posted in Network Security

Cyberwarfare Rages, Guess Where

Late breaking articles from the New York Times and Wall Street Journal this evening caught my eye, wherein one seriously pissed off Google Inc opens up a surprisingly hard line against Beijing:

Posted in Network Security

Network Attackers: Where In The World 2

SSH Scans by Region

Time to tally up the new results since my last report on network intruder geolocation using Whois. Will the trend showing two-thirds of attackers as hailing from China, Russia and the former Soviet bloc hold for this new integration period?

Posted in Network Security

Network Attackers: Where In The World

SSH Scans by Region

Let’s have a look at who’s been trying to break into SSH service on my development server recently, and where in the world they’re attacking from. Since I implemented fail2ban to trap out these attempted dictionary attacks, it’s logged the

Posted in Network Security

Network Intrusion Encounters and Countermeasures

Network intrusion threats run rampant and unchecked on the internet, invisible to most users. You may see no apparent signs of the automatic probes directed at your computer network, arriving around the clock, scanning for potential entry points. But they

Posted in Linux, Network Security