Nyet Comrade, Disobey

They have hacked our diplomats and influenced our election. Hacks against WordPress Login pages are up almost 200% in the last 30 days. Amazon Web Services and Outlook.com have gone down in the last 10 days for the first time this author has seen in his life. The flood of “fake news” this election season got support from a sophisticated Russian propaganda campaign that created and spread misleading articles online with the goal of punishing Democrat Hillary Clinton, helping Republican Donald Trump and undermining faith in American democracy.

Russia’s increasingly sophisticated propaganda machinery — including thousands of botnets, teams of paid human “trolls,” and networks of websites and social-media accounts — echoed and amplified right-wing sites across the Internet as they portrayed Clinton as a criminal hiding potentially fatal health problems and preparing to hand control of the nation to a shadowy cabal of global financiers. The effort also sought to heighten the appearance of international tensions and promote fear of looming hostilities with nuclear-armed Russia.

Researchers used Internet analytics tools to trace the origins of particular tweets and mapped the connections among social-media accounts that consistently delivered synchronized messages. Identifying website codes sometimes revealed common ownership. In other cases, exact phrases or sentences were echoed by sites and social-media accounts in rapid succession, signaling membership in connected networks controlled by a single entity.

So, don your tin foil hat, install Wordfence, and add the best additional security to your WordPress website and blog.

The Hill reports:

Russia has launched a sustained and sophisticated political warfare campaign against the United States and European democracies. The campaign is grander and more audacious than simply hacking in order to steal sensitive emails, and it is central to Russia’s foreign policy objectives: the weakening of European and trans-Atlantic cohesion, including the disruption or even destruction of the European Union and NATO. It is a direct assault on our system of government.

In his book The Foundations of Geopolitics: The Geopolitical Future of Russia, Aleksandr Dugin outlines Russia’s known strategy against the EU and US. This passage is practically prophetic given the events of the last 6 months:

Russia should use its special services within the borders of the United States to fuel instability and separatism, for instance, provoke Afro-American racists. Russia should introduce geopolitical disorder into internal American activity, encouraging all kinds of separatism and ethnic, social and racial conflicts, actively supporting all dissident movements – extremist, racist, and sectarian groups, thus destabilizing internal political processes in the U.S. It would also make sense simultaneously to support isolationist tendencies in American politics.

This is why now more than ever Wordfence is almost mandatory for any administrator of a WordPress website. With features even on the free version that can help protect against brute force attacks, and real time web traffic tracking, and a WordPress file system scan, there are few options as robust for a free pricepoint. Have a look at these stats for a website I manage. The left side is just my site and the right is stats for blocked brute force attacks for all Wordfence users. Guess who we see as the top offender by a vast percentage? You guessed it comrade.

Read more about Wordfence at wordfence.com.

A website I manage has seen an increased amount of bot spam on it’s login page. So much so that I felt I needed to add a reCAPTCHA, even though I’m already forcing HTTPS and am using 16 digital random alphanumeric passwords.

It’s not likely this problem will be resolved soon. But at least we can mitigate the constant barrage of bot spam with a few simple tricks.

Here’s a bonus trick. If you use WordPress purely as a CMS and you don’t need the blog features, and don’t plan to have any users except your admin who are at known IP addresses, you can block all incoming traffic from your WordPress admin and login page completely using a simple rule in your .htaccess file.

#Only allow login or admin from certain IPs
RewriteCond %{REQUEST_URI} ^(.*)?wp-login\.php(.*)$ [OR]
RewriteCond %{REQUEST_URI} ^(.*)?wp-admin$
RewriteCond %{REMOTE_ADDR} !^123\.123\.123\.123$
RewriteCond %{REMOTE_ADDR} !^234\.234\.234\.234$
RewriteRule ^(.*)$ - [R=403,L]

Enjoy! And stay safe,… uh,… comrades.

Leave a Reply

Your email address will not be published. Required fields are marked *