LogicBoxes Blog

Global DDOS Attack on WordPress Sites by Hackers

Vivek Desai — Mon, 15 Apr 2013 12:31:37 +0000

WordPress is easy. That’s why people like it. It’s quick to set up a simple site. It’s easy to manage large amounts of content. It’s easy to add functionality without having to know how to code PHP because there is such a large developer community that makes tons of free plugins.

If you and your customers are running WordPress sites, now would be a good time to ensure that strong passwords are always used and that your username should be changed from “admin”. According to reports, there is currently a significant attack being launched at WordPress blogs across the Internet. For the most part, this is a brute-force dictionary-based attack that aims to find the password for the “admin” account that every WordPress site sets up by default. This attack is happening at a global level and WordPress instances across hosting providers are being targeted. Since the attack is highly distributed in nature (most of the IP’s used are spoofed), it is very difficult to block all malicious data.

To ensure that websites are secure and safeguarded from this attack, we recommend the following eight-step process: (feel free to share this with your customers)

1. Avoid Obvious Passwords. Use a hefty mix of alphabets, numbers and alpha-numeric characters to create a good, strong password

2. Immediately change your passwords to the WordPress admin area, FTP, any control panels, and all email accounts

3. Change the Admin Username. The attackers are in possession of 90,000 IP addresses from which they are trying to crack the default “admin” accounts on WordPress installations. So if you are still using “admin”, create a new user with admin privileges (you will need to use a different email address than the one attached to the current administrator account) and give it a strong password as defined above. Then log back in as the new user and delete the old admin account and assign all of the posts in that account to the new user. The five minutes you spend here will ensure that your hours of hard-work are safe and secure.

4. Scan your computer for viruses, keyloggers, rootkits, and botnet software. Make sure the scan is performed on all computers that have access to your site admin area

5. Update WordPress and all plugins to the latest versions

6. Add this to the .htaccess file in your document root (public_html, www, htdocs, etc). This is in order to stop direct automated attempts to log in to your site:
RewriteEngine on RewriteCond %{REQUEST_METHOD} =POST RewriteCond %{HTTP_REFERER} !^http://(.*)?.yourdomain.com [NC] RewriteCond %{REQUEST_URI} ^/wp-login\.php(.*)$ [OR] RewriteCond %{REQUEST_URI} ^/wp-admin$ RewriteRule ^(.*)$ - [R=403,L]

Note: Replace example.com below with your domain (leave the “?.” before it and everything else)

7. Now for the Plugins to install on all WordPress installations:

8. We recommend that you use Cloudflare to prevent the attack from affecting the functionality of sites that belong to you and your customers

Current statistics confirm that one in every six sites on the web runs on WordPress. That’s a lot of fodder to make a botnet out of! You can ensure your customer’s sites don’t get affected by making them aware of these simple fixes.

Got better ways to secure WordPress? Do comment and let us know!

LogicBoxes Announces Vertical Integration Solutions for New gTLDs

Vivek Desai — Tue, 19 Mar 2013 20:42:38 +0000

LogicBoxes, the developer of OrderBox , a Registrar automation product currently used by over 100 ICANN Accredited Registrars, announced the launch of a new solution, ‘Integrate Vertically’, tailored to meet the needs of New gTLD operators.

The solution is meant for those New gTLD operators that wish to set-up a Registrar subsidiary to distribute their TLDs to resellers, end-customers or internal users, without depending exclusively on existing Registrars.

“The electric fence that divided registry and registrar operations since 1999 has been torn down. gTLDs will soon out-number the active Registrars but their shelf space will be very limited. Incumbent Registrars will not be able to focus on all gTLDs as they do today. New gTLD operators need to plan their distribution strategy and evaluate the need to setup a registrar subsidiary” said Sandeep Ramchandani, Business Head of LogicBoxes.

The solution consists of a comprehensive package which offers consultancy to take New gTLD bidders through the ICANN Registrar Accreditation process, front-end and back-end registrar software set-up (using OrderBox), process and compliance management (to ensure that all clients are prepared to manage Registrar functions), and even includes white-labeled end-customer support. Once integrated, all New gTLD clients will be in an advantageous position to channel their string to LogicBoxes’ existing base of 100+ Registrars and 100,000+ Resellers. You can find more information on LogicBoxes’ latest New gTLD offering on their website here: http://www.logicboxes.com/new-gtld-applicants

About LogicBoxes:
LogicBoxes is a Technology & Consultancy Company providing Business Solutions exclusively to the large players of the Web Products & Services Industry – including New gTLD Applicants, ICANN Registrars, Domain Registries, Large Web Hosts and Domain Resellers. LogicBoxes is the world’s premiere ICANN Accreditation Consultancy provider. Over 20% of the world’s ICANN Accredited Registrars have been accredited through the LogicBoxes Consultancy Service. Additionally, LogicBoxes also offers a renowned turnkey SaaS platform – OrderBox, which provides end-to-end business automation to clients. LogicBoxes currently powers over 7 Million domains across the world through an extensive network of over 100+ registrars and 100,000+ resellers.

Meet us at World Hosting Days ’13!

Clifford deSouza — Tue, 26 Feb 2013 15:00:27 +0000

Like every year, the LogicBoxes team will be attending World Hosting Days 2013 to be held in Rust, Germany from March 19-21, 2013.

Siddharth Taliyan, Senior Manager – Sales at LogicBoxes will be speaking at 5.15pm on Thursday, March 21, 2013. He will be speaking about New gTLDs and how web hosts can seize this opportunity right now!

LogicBoxes will also be exhibiting at WHD.Global at Booth # A14. Aastha Budhiraja and Siddharth Taliyan will be available at the booth to help with on-spot ICANN Accreditation Consultancy. They can also assist you with any queries that you might have about managing your domain name portfolio.

So if you are attending WHD.Global in Rust, do not hesitate to come and say Hi! We recommend you schedule a meeting with us here so that we can give you dedicated time!.