We live in the world of Analytics where words like “Big Data” are everywhere to be seen.
But, are you really sure that the visitors of your website or blog are really interested in your content?
A few years ago, maybe… But now, the cybercriminals, or more exactly their bots, are trying to gain access to your website to serve their own content to your visitors.
How do we know that?
There are many ways to find that out, but the simplest ones are:
– install a web application firewall
If you have WordPress, you might want to try one of the “firewalls” that are available for free.
You will be astonished to see that a lot of the visitors try to login into your WordPress.
I wrote back in 2013 an article describing the anatomy of a live attack from China on a WordPress blog.
On a period of 2 days:
- ~90% of the traffic was Spiders, Bots, Crawlers from Google, Baidu,
- ~8% of the traffic were attempts to register an account like the one below:
- ~2% were real visitors
All this happened because the website was pretty good indexed and it had a good domain name (IT Security News).
– Keep an eye on WordPress’ statistics
The situation improved a bit now, because WordPress took stance and rejects now all login attempts from “known” IPs.
This is how it looks now (period of a few months since I reset the statistics):
The blocked malicious login increases with about 100 attempts per day.
Unfortunately, you don’t see these things using services like Google Analytics or even WordPress’ own JetPack statistics.
You just see visitors if you look at the top level statistics…
Only if you dive deeper in the stats, you can see that many visitors – the vast majority if you are under attack or your site is being indexed by spiders and robots, will stop at the Home level. They don’t go further as they are satisfied by the meta keywords of the website, which are usually found in every page, including the Home page.
What can you do?
Well, the first thing to think about is if you want to do something about it. If you block spiders and robots, you will no longer be found by search engines. You probably don’t want this.
You can block however, malicious login attempts. There are tips how to harden WordPress. More or less the same applies to other platforms.
Or you can install a firewall plugin for WordPress and configure it to block the IPs which attempt to apply brute force.
Sorin Mustaca, CSSLP, Security+, Project+
© Copyright 2015 Sorin Mustaca, All rights Reserved. Written For: Sorin Mustaca - Security & Technology
Interested in professional consulting on this topic?
Check Endpoint Cybersecurity to see the consulting services we offer.
You must be logged in to post a comment.