What's Between Your PC And A Virus Infested Tropical Paradise? - Granite Grok


Were you “Taken off to Tokelau” by a rogue redirect a month or two ago? See how we’re keeping the beasts off our site.

Paradise for humans, Hell for PCs
In the prior article, I described how certain small countries leased out their domains via less-than-scrupulous brokers, and how unsavory actors took advantage of those domains to run malware farms.

Those unsavory sites hiding behind Tokelau and other tropical-paradise domain names work in concert with a huge network of bots constantly probing the defenses of web sites and trying to implant the aforementioned rogue redirects. And probe they do: we’ve had a constant stream of attacks from known bad source addresses, attempts to inject malicious code via vulnerabilities in our older WordPress installation, attempts to crack the passwords of known and guessed usernames, and many more.

The botnets are busy!
The difference is that we’ve implemented a WordPress-specific firewall, and now we mostly have to check scan results and alerts, making minor tweaks to improve security further. Let me be clear, these are not small numbers – over 100,000 attacks in the past month!

Protected by Wordfence
By participating in the Wordfence network, we share, and benefit from, knowledge of particularly active attack sites, which are then blacklisted and blocked from future access to other WordPress sites in the network.

By using the firewall, we are able to detect and prevent patterns of attacks, including “complex” attacks, which attempt to make an end-run around the WordPress software to install malicious code, and “brute-force” attacks, which target actual or guessed usernames for password cracking. By setting a low tolerance for certain types of “user” behavior, we can block attacks and keep bad actors out.
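To make the two detection ideas above concrete (a shared blocklist of known bad sources, and a low tolerance for repeated failed logins from one address), here is an added example of the kind of logic an application-level firewall runs. It is written for this article and is not Wordfence code. It assumes a combined-format web access log in which a failed `wp-login.php` POST returns HTTP 200 (WordPress re-renders the form) and a successful one returns 302 (redirect to `wp-admin`); the log lines, the blocklist entry and the threshold of five failures in five minutes are all constructed for the example.

```python
"""Brute-force login detector over constructed WordPress access-log lines.

Added example, not Wordfence code. Assumes combined log format and the
WordPress convention that a failed login POST answers 200 and a successful
one answers 302.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Combined log format: ip ident user [ts] "METHOD path proto" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

# Constructed "known bad source" list (documentation-range address, not a real IoC).
KNOWN_BAD = {"203.0.113.77"}

# Constructed sample log. 198.51.100.10 hammers the login form (one stale
# attempt outside the window, then five inside it); 192.0.2.5 fails once and
# then logs in; 203.0.113.77 is on the blocklist regardless of what it requests.
SAMPLE_LOG = [
    '198.51.100.10 - - [10/Oct/2023:13:40:00 +0000] "POST /wp-login.php HTTP/1.1" 200 4523 "-" "Mozilla/5.0"',
    '198.51.100.10 - - [10/Oct/2023:13:55:36 +0000] "POST /wp-login.php HTTP/1.1" 200 4523 "-" "Mozilla/5.0"',
    '198.51.100.10 - - [10/Oct/2023:13:55:41 +0000] "POST /wp-login.php HTTP/1.1" 200 4523 "-" "Mozilla/5.0"',
    '192.0.2.5 - - [10/Oct/2023:13:55:44 +0000] "POST /wp-login.php HTTP/1.1" 200 4523 "-" "Mozilla/5.0"',
    '198.51.100.10 - - [10/Oct/2023:13:55:47 +0000] "POST /wp-login.php HTTP/1.1" 200 4523 "-" "Mozilla/5.0"',
    '198.51.100.10 - - [10/Oct/2023:13:55:52 +0000] "POST /wp-login.php HTTP/1.1" 200 4523 "-" "Mozilla/5.0"',
    '192.0.2.5 - - [10/Oct/2023:13:55:55 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    '198.51.100.10 - - [10/Oct/2023:13:55:58 +0000] "POST /wp-login.php HTTP/1.1" 200 4523 "-" "Mozilla/5.0"',
    '203.0.113.77 - - [10/Oct/2023:14:05:00 +0000] "GET /xmlrpc.php HTTP/1.1" 405 0 "-" "-"',
    'this line is not a valid log record',
]


def parse_line(line):
    """Parse one combined-format line; return None for lines that do not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    return {
        "ip": m.group("ip"),
        "ts": ts,
        "method": m.group("method"),
        "path": m.group("path"),
        "status": int(m.group("status")),
    }


def is_failed_login(rec):
    """A POST to wp-login.php that got 200 back is a failed login attempt."""
    return (
        rec["method"] == "POST"
        and rec["path"].startswith("/wp-login.php")
        and rec["status"] == 200
    )


def find_brute_forcers(lines, max_failures=5, window=timedelta(minutes=5)):
    """Return {ip: reason} for every source address that should be blocked.

    Known bad sources are blocked on sight. Other sources are blocked once they
    accumulate max_failures failed logins inside a sliding time window.
    """
    blocked = {}
    recent = defaultdict(deque)  # ip -> timestamps of recent failures
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # skip malformed lines rather than crash the detector
        ip = rec["ip"]
        if ip in KNOWN_BAD:
            blocked[ip] = "known bad source"
            continue
        if not is_failed_login(rec):
            continue
        q = recent[ip]
        q.append(rec["ts"])
        # Drop failures that have aged out of the window.
        while q and rec["ts"] - q[0] > window:
            q.popleft()
        if len(q) >= max_failures:
            blocked[ip] = f"{len(q)} failed logins in {window}"
    return blocked


if __name__ == "__main__":
    for ip, reason in find_brute_forcers(SAMPLE_LOG).items():
        print(f"block {ip}: {reason}")
```

Two points worth noting in the design: the sliding window means a legitimate user who fumbles a password once in the morning and once in the afternoon never trips the threshold, while a bot that makes five attempts in a minute does; and the blocklist check runs before the login check, so a known bad source is refused even when it is only scanning for `xmlrpc.php` rather than attacking the login form.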

Finally, we used the firewall’s capabilities to warn us of weak or leaked passwords and make it harder for the site to be hijacked, as well as to keep us right up to date when plugins needed updates. Having seen the intensity of the attacks, we wonder how we kept the site clean at all without an application-level firewall!
