Anyone using IPDB from cPGuard?

Rich

mendozal I understand the need to simplify the stack but personally I wouldn't remove WordFence from it.

For example. I have one website that's popular and it's wrapped behind CloudFlare Pro, I also had the cPanel server WAF rules and OSWAP Rules all installed, LSWS installed, and finally WordFence on top. During one summer a couple of years ago, the site was being attacked 1.4 - 1.7 Million times a month, and it was WordFence that was doing that blocking and reporting.

So the CloudFlare WAF, CSF, Mod_Sec patches at server level etc.. did not stop them attacks, WordFence did. Likewise WordFence patches issues it finds separately from other WAF's, Paid gets you them rules immediately, otherwise there given to everyone within 30 days.

I personally would Always have WordFence and LSCache installed on every website. Anything else is project dependant.

JohnB

Rich it was WordFence that was doing that blocking and reporting.

Not disagreeing as WordFence is awesome but what type of attacks was it reporting? I've seen it warn about "increased attack rate" and the "attacks" are just bots trying random URLs with odd user agents. Were the reports showing a lot of "attacks" or actual effective attacks being blocked?

I love WordFence their wording can be a bit dramatic as if to say "we saved you from NSA level pro hacker mans attacking at x / s thank ~~god~~ us that you have premium!"

Rich

JohnB

Hi John, yeah I understand the marketing and wording. Without going and finding the screen caps, it was a mixture of complex and brute force. (bot attacks) But the numbers where huge! So much so I did actually buy premium for that site, and it made no difference to the number of attacks as we was being targeted by a directed botnet, not one that was attacking loads of sites and had IP's in the real-time blacklist. It persisted for quite some months, but the website was unaffected as the server could handle the additional load without a sweat.

I've kept the premium version since, as I like the 0day patching and I am sadly on PHP 7.4 until I can re-code an old but essential plugin. But I don't believe the premium version is really needed unless you absolutely need the real-time patching.

All my other sites use the free version without problem.

Andreas

Rich This is interesting to see this. I was never really liked wordfence or any other security plugin because I did not see any benefits. It appeared to just give a false sense of security. I seen many clients with Wordfence, ithemes or sucuri etc, installed and their sites still get hacked, and they dont understand why. (maybe I will install WF again and see.

I have been using opshields on my servers.

I stumbled across this one awhile ago. https://en-ca.wordpress.org/plugins/block-bad-queries/

I have been curious about these plugins and wonder, how can we test to see how well they really work?

Rich

Andreas Hi Andreas,

Well I had one client who always had their own shared hosting, twice that website has been hacked in 5 years. What's interesting, is the last time it was hacked (very recent), I couldn't access their cpanel. So I took a backup I made a few weeks prior, put it on one of my servers near her and used WordFence to monitor all the attacks in real-time and then I created extra blocking rules, so that even if they managed to breach the site, I'd stop the scripts by name being accessible.

For 24 hours, I held off a ton of bot traffic that was trying to talk to the site, then re-attack it.

When I got cPanel access and cleaned up the old hacked code on shared hosting, cloned over the freshly updated site I'd been hosting. In less than 24 hours it was hacked again. Of course I was monitoring it, but WordFence simply couldn't scan, the shared resources where too slow to even complete. So I pointed the domain back at my servers and held off all the attacks since. That website has been running on enhance, with OLS, free CF and free WordFence very happily.

So in this instance, it was the shared hosting, they're big enough name too. I personally feel there servers where miss managed and not protected enough. Hence the extra methods of attacking.

But same code base, just on my servers I kept it safe. So WordFence can have a serious role to play, this was the free edition by the way, it's a small client.

But thats my experience, I've not played with scurri much, but respect it as a valid competitor to WordFence, I've seen some others, but in all honesty, I trust them way, way less.

As to how can you test it? Pentest a website with different security tools installed and see what works or not, I am sure someone must of put some research into this area online, maybe youtube. I don't have the time to either test or go look for the research. (I am quite happy with Wordfense)

Likewise Wordfence reports form your website let me know when plugins are out of date and if it's critical or medium issue. Likewise, if admin logs into a website and I notice the email I check and I caught the first hacker that way. Finally, it's the emails you receive with all the pen-testing research that's done both in-house and through freelancers that tip us off to any serious threats to any known plugins I might recognise.

I don't pay too much attention to the increased attack rates emails, I just take a look and see what site and attack types they're trying. Then decide if I wish to give it any more attention.

JohnB

Rich Thanks for the details.

Andreas I seen many clients with Wordfence, ithemes or sucuri etc, installed and their sites still get hacked,

Same but they usually have something common: Idiot with admin access who doesn't listen and/or poorly developed sites. I have tested wordfence and if you have a wide open plugin (or nulled) that isn't popular, its easier than you would think to get around Wordfence. For that matter almost any security plugin.

Its kinda like antivirus. It wont save you from a specially crafted payload thats new (unless its really high end antivirus on a very restrictive configuration). Its great at catching malware that's been used elsewhere though. Speaking of malware as a proof of concept I took a piece of open source malware that was detected by everything. I literally just tweaked a few lines of code and recompiled it. Nothing detected it.

Andreas

Rich @JohnB Thanks for the replies guys. I appreciate it very much.
I have a few busy sites myself and I may put Wordfence on it and see what it shows me.
These are my directadmin servers. I use cpguard on them and generally it's good. I get the odd hacked account. Normally, it's the same user getting hacked.

Yes, nulled or outdated plugins/themes are always the culprit for hacks (well mainly).
That's why I gave up these security plugins.

Also is Wordfence still resource hungry? I remember a few years ago that was a complaint from hosts that Wordfence took up a lot os system resources.

Rich

Thanks JohnB it's true most antivirus software are chasing ghosts, its the WAF over the antivirus I was more interest in with WordFence. But your right it isn't infallible. Most heuristic analysis can be easily thwarted with basic obfuscation or even a simple rewrite.

I am sure there's some good alternatives too, I did give wpcerber a try once and found it quiet nice.

Rich

Andreas I've not found it to be an issue, but I am not a mass hosting company. It really wasn't playing nicely with that overloaded cPanel recently, but then I had it on that same website and server for 5 years...

The only way to know is give it a test and see for yourself. Likewise I am sure it's performance is dependant on how busy a website is so it's a range not an exact.

JohnB

Andreas Also is Wordfence still resource hungry

The hosts that block Wordfence for resource usages are bad underpowered hosts. I've only ever had issues with resource usage on garbage like GoDaddy and bluehost which will terminate scans before they finish.

8Dweb

So, said host allows a Wordpress site, then said host has such a low bar for security that the customer sites are constantly attacked. The customer of said host then installed Wordfence as some measure of security against the insanity.

Then, said host penalizes the customer because the customer chose to have some measure of sanity in dealing with the poor security standards of said host.

Two things: #1 - No good deed goes unpunished - that is, the host, who is partially to blame for the security problems, decides to penalize the customer... #2 - stupid is as stupid does... - that is the customer remains with the host, even after realizing that the host has zero concern, nor apparent capability to provide a moderately secure platform for the customer. Instead, customer stays, and tolerates this insanity.

twest

8Dweb it's a good thing the goshitties are so bad. If they were competent then there might not be room for small/medium hosts to thrive 😉

Isaia-Arknet_PTY_LTD

8Dweb So, said host allows a WordPress site

I am a host, and I sell hosting space and resources. My responsibility stops to the point where the hardware works well and the hosting software supports developed software.

The data on the hosting account is the client's 100% responsibility, and the blame is not to be shared! The developer is sitting on the client's side, and it is not the host's responsibility for the quality of the coder or product code.

Blaming the host for not purchasing security products to stop hacking of a harmful code is like blaming Enhance developers for creating a server control panel that does not protect the server 🙂

Faults are easily mitigated, and blame is quickly figured out if you have proper knowledge regarding the industry.

If a hacker can hack server software on a hosting account without active code, it is the host's fault.
If the software hosted is hacked, it is the client's fault; no host will take responsibility for that.

It is unfair and unrealistic to blame a host for a poor choice of software or 2'ns hand coders 🙂

8Dweb

Isaia-Arknet_PTY_LTD But, is it? 😉 Frankly, the shoddy hosting environments of some of the larger hosts is what allows those of us with smaller, our boutique offerings to not only exist, but thrive.

I actually disagree that the host bears no responsibility for providing a secure (no, it is never perfect) hosting environment. This is especially true when it comes to shared hosting. If we just threw up any old server and put a bunch of users on it under the same linux user, etc... then we do bear responsibility. Sure, we could put every site on its own server, but that makes us no money.

Each host makes choices as to how to best provide for their planned or existing customer base.

Further, if you have done any HIPPA hosting, you know full well that you are responsible for your customers security and data, even down to who/what/when has access to data the customer uploads, so, no, my responsibility does not stop where the hardware works well and the software supports their content.

By the way, my earlier post was more Satire, than Serious...

Rich

I think part of the question also boils down to wither you provide managed hosting or unmanaged hosting. I agree there is a cut off expectation for unmanaged hosting, but most customers wouldn't understand or appreciate that, so I personally prefer to do managed hosting only.

Taavi

Rich I personally prefer to do managed hosting only.

Could you elaborate "managed hosting" ?
What services do you offer more then?

Rich

Taavi I manage the control panel and websites for them, security and updates, backups and and optimisations. I offer business email that I host for them. A lot of people aren't tech savy, so I help ensure their websites are running there best and the services they need work. Likewise I care about high performance infrastructure and make sure they're getting the best value. FTTB is 60 - 120ms, shared hosting can't compete with that. They don't really care, but when I tell them it helps with SEO and making the website faster, they're happy.

I am more of a Technology Consultant and so I do other services, networks, servers, development, remote support, digital marketing, media creation/editing, I help people and business's get the most out of tech, my hosting is a small part of that.