• NOW LIVE! Into the Woods--new character species, eerie monsters, and haunting villains to populate the woodlands of your D&D games.

Thistle Games: Adventures in Being Hacked

nedjer

nedjer

Adventurer
Over the last week our site has been under attack repeatedly and most visitors have faced a blank screen or been bounced-off by security measures protecting the database. This has not been fun :( but the problem looks to have been isolated and the security has prevented any actual intrusion. Everything seems to be up and running again.

Anyone suffering similar Wordpress grief may wish to check-out:

Sucuri Scan
Down For everyone?

Sure appreciate hearing if anyone continues to have problems getting in.
 

log in or register to remove this ad


If I ever work out how to fork I might turn this into a securing Wordpress thread.

On the plus side the mass infection this week didn't get me :)

Instead a pile of junk tried to hook into inactive plugins and managed to score a few hits. This included setting the install up to self SQL inject; which is a right sneaky one to watch for. It'd be easy to report attack IPs to your ISP as a batch and get yourself a temp ban.

May have to revise thinking on what Wordpress can and can't be trusted with, which is a total bind with what was lined-up for the site.
 

Just received a post from my host about Thistle Games' recent crash and burn. I can sum it up with a single quote: "apologies". I'll spare you the full :rant: but I especially liked the bit where the tech guy says 'you've have 20Mb of traffic today and 32 visitors - there's nothing wrong'. This after I'd sent a screenshot showing six months of traffic at over 10x those figures.

This leads to a simple conclusion: if you want a secure Wordpress or other site think twice about using a straight shared server, as both intruders and your host are in and operating at a level beyond your control, and at times 'vision'.

Even now they're claiming to have fixed everything when visitors are being bounced at entry - except bots, which seem to get in no problem.

Haven't decided on an exact course of action, but a nice cup of tea and a biscuit seems in order :)
 


Mark CMG said:
If the bots weren't getting through, they'd get it fixed quick, if only to keep their numbers up. :)
Click to expand...

Good with some bots for the link juice, but it was odd how they could get in. Fortunately all now seems much recovered and I heartily recommend any Wordpress site to take a serious look at something like Cloudflare to add a firewall. You don't get the full works for free, but even the basics are good.

Websitedefender protected the database during the recent goings on, but I just want sites locked down and I'm testing Cloudflare on another site right now with that in mind.
 

It's become funny now. Over 60 message back and forth to the host and everything currently fine, but they seem to have had a mix-up and one guy is still looking for 'the problem' another dude fixed earlier. I have sent him an email, but last I heard he's still looking for the now mythical problem :D
 

Similar Threads

Morrus
Evil Genius Games Attempts To Remove Bad Press [Update--And Then Adds Legal Threats!]
21 22 23 24 25
Replies
240
Views
47K
Joshua Randall
Joshua Randall
Mongoose_Matt
State of the Mongoose 2024
2 3
Replies
24
Views
4K
Mongoose_Matt
Mongoose_Matt
E
Roleplaying Games Are Improv Games
2 3 4 5 6
Replies
50
Views
5K
kenada
kenada
robowieland
It's 2023. Smartphones Exist. Horror Gaming Still Does, Too.
2 3
Replies
20
Views
8K
Golden Bee
Golden Bee
Nytmare
Three Free RPG Day Games of Fall of Magic
Replies
2
Views
820
Thondor
Thondor

Into the Woods

Remove ads

Top