Quote:
Originally Posted by VRPdommy
Your 5 captcha's are likely being bypassed with db insertion methods they are using.
Go back to just using 1.
You need to tighten security on the server.
Start with the DB. Then firewall and file permissions.
Take a look at all users of the file system, you might get a surprise but it needs checked. Same with DB users, but I doubt that will lead you anywhere since it is likely being inserted through WP or similar engine you are using so check the users there.
Shut down FTP server and use only sftp and change passwords and ports.
|
The attempts stopped cold one day last week. I asked my host and he just smiled.
There are no users, no one but me with dB access and there is no content. I installed Wordpress and configured it to allow only me in. That’s why they’re locked out if the login is correct.
I installed a plugin on another site that gives the option to hide the version. I upgrade regularly and have had no security issues on any site.
I’m building a new site and grabbed about fifty plugins. Several for each action so I can test them. If a plugin hasn’t been updated in a month, I delete it. The captchas I deleted as I found a better one.
I know no site is perfectly secure. But I’m hoping for really good results. I’m dumping plugins I don’t need. 404 plugins are cute but I can create my own page like I used to do.
SFTP brings back old memories. I remembered doing ftp via dos prompt.