I have a security plugin installed on my blog. This plugin has many features, including brute-force attack detection, which hardens the login page. If it detects repetitive login requests by an IP address in a short period of time, it blocks the IP for a considerable amount of time.
At the end of the day, it gives you a nice summary of what the hell happened when you were absent. Reports are scary and astonishing at the same time. I have a list of usernames that attackers tried to break in with:
Admin, Administrator, Heydari, …
1000’s of requests, from countries like Ukraine, United States, Spain, Russia, China, …
I have no idea why my simple, lovely, harmless, postless blog is bloody interesting enough for some people to invest money in virtual machines on AWS, as I have a considerable number of attacks from the public cloud.
Fellas, I promise to create accounts with author permission for all of you if you promise to stop what you’re doing and if you’re willing to write cool security articles here (seriously!). Then spend the money on pizza! Voila!
What MUST all of us do?
- Install security plugins for our content management systems (on your WordPress)
- Choose a weird username. Apparently choosing a complicated password is way too old school these days. Sad to say, but better to generate the username as well.
- Choose a very long password. No comment, generate something long long long …
- Get a knife. And keep it under your pillow. Because these guys will come to your house to find your generated username/password.
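
The blocking behaviour described at the top of this post (repetitive login requests from one IP in a short period, then a block for a considerable time), sketched as an added example that is not the plugin's own code. The thresholds, the `LoginGuard` and `replay` names and the sample events are assumptions constructed for illustration.

```python
from collections import Counter, defaultdict, deque
MAX_ATTEMPTS = 5       # assumed threshold: failures tolerated per window
WINDOW_SECONDS = 60    # assumed "short period of time"
BLOCK_SECONDS = 3600   # assumed "considerable amount of time"

class LoginGuard:
    """Sliding-window failed-login counter with a temporary per-IP block."""
    def __init__(self):
        self.failures = defaultdict(deque)  # ip -> timestamps of recent failures
        self.blocked_until = {}             # ip -> time the block expires
        self.usernames_tried = Counter()    # material for the daily summary
        self.rejected = Counter()           # attempts refused while blocked

    def is_blocked(self, ip, now):
        if self.blocked_until.get(ip, 0) <= now:
            self.blocked_until.pop(ip, None)  # never blocked, or block expired
            return False
        return True

    def record_failure(self, ip, username, now):
        """Log one failed login; return True if the IP is blocked afterwards."""
        self.usernames_tried[username.lower()] += 1
        if self.is_blocked(ip, now):
            self.rejected[ip] += 1
            return True
        recent = self.failures[ip]
        recent.append(now)
        while recent[0] <= now - WINDOW_SECONDS:
            recent.popleft()                # forget failures outside the window
        if len(recent) >= MAX_ATTEMPTS:
            self.blocked_until[ip] = now + BLOCK_SECONDS
            recent.clear()
            return True
        return False

# Constructed sample of failed logins: (unix_time, source_ip, username).
SAMPLE_EVENTS = (
    [(1000 + 2 * i, "203.0.113.7", "Admin") for i in range(8)]               # fast burst
    + [(1000 + 300 * i, "198.51.100.20", "Administrator") for i in range(4)]  # slow guesser
    + [(4000, "203.0.113.7", "Heydari"), (5000, "203.0.113.7", "Heydari")]
)

def replay(events):
    """Feed events in time order; return the guard and every IP that got blocked."""
    guard, blocked = LoginGuard(), set()
    for ts, ip, user in sorted(events):
        if guard.record_failure(ip, user, ts):
            blocked.add(ip)
    return guard, blocked
```

In the sample, the slow guesser never crosses the per-window threshold, which is why a per-IP lockout needs the weird username and long password from the list above alongside it.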