As somebody who is passionate about world travel and the free exchange of ideas around the globe, today is a sad day for me. After years of hacking attacks on my blogs which result in dozens of lock-out notices being generated every day, I've just banned a huge chunk of IP addresses from access... including all of China, Russia, and goodly chunks of several other Asian countries that are currently on the blacklist maintained by Wizcrafts.
Will this stop hacking attempts? No. I'm sure plenty of hackers will use spoofing or VPN services to keep trying. That's part of the game, and I accept it. But, after my second malware exploit this year, I had to do something to try and make it more difficult for hackers to get through, and this was my last resort.
I get no pleasure from it.
Denying access to somebody in China or Russia who runs across Blogography in a Google search and has genuine interest in something I have to say goes against my entire reason for having a blog. But I've been left with little choice. Every time my site is exploited, it takes precious time I don't have to fix it. I either have to do my best to block these hacks before they happen... or shut down my blogs entirely.
So here we are.
As is always the case, the few are ruining things for the many.
I love comments! However, all comments are moderated, and won't appear until approved. Are you an abusive troll with nothing to contribute? Don't bother. Selling something? Don't bother. Spam linking? Don't bother.
Have you tried the Bad Behaviour plugin for WordPress? It blocks a lot of bad staff without banning whole IP address ranges.
Yes. It didn’t halt the problems that iThemes Security took care of, so I went with that. It’s not that iThemes Security doesn’t handle the attacks… it does (among other things)… but wading through stuff to ban got incredibly tiresome when they were almost all from China and Russia. Oh well.
Dunno what your hosting situation is, but if you ever wanted to put the sledgehammer down in favor of a scalpel, fail2ban my go to for ssh and WP brute forcing.