How to Protect Your Website From Hackers Via The .htaccess File And How to Increase Your Web Data Security

Hackers are without a doubt annoying, to say the least. They tend to put their noses anywhere they want, provided they see the potential of getting something out of it. If you are concerned about your data, all you really need to do is make off-site backups of your webserver and crank up your security a notch or two. That’s because when your website becomes successful, the number of hacker attempts at cracking into it will increase substantially.

So, what kinds of things can you do to protect yourself a little bit more? Here are some suggestions for you to consider.

1. Disable xmlrpc Manually

This can be disabled with a WordPress plugin, but in case your website is not on WordPress (although it really should be… hint, hint), this file should be disabled anyway for several reasons.

All you need to do is locate the .htaccess file and paste in the following code:


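# Block xmlrpc.php requests
# (order/deny/allow is Apache 2.2 syntax; Apache 2.4 needs mod_access_compat loaded for it)
<Files xmlrpc.php>
order deny,allow
deny from all
# Replace with the one IP address that should still reach xmlrpc.php
allow from 123.123.123.123
</Files>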

Now, if you happen to be running WordPress, find and install Wordfence. This plugin is great as it has some excellent features even in the FREE mode. They include Live Traffic Monitoring, Malware Scans, Firewalls, Blocking IPs and Networks. These you really need if you are running a professional website. Sooner or later a hacker will try to hack in and leave you some sort of surprise.

The Live Traffic Monitoring feature lets you see all the details of every user whether it’s a human, bot or search engine crawler that has accessed your website.

For example, a blocked attempt from a bot trying to play with your server would look something like this:

St Petersburg, Russia left https://www.testdomain.com/blogs/3-main-reasons-for/ and was blocked for UA/Referrer/IP Range not allowed at https://www.testdomain.com/blogs/
10/4/2018 7:26:53 PM (17 hours 36 mins ago)


IP: 31.184.238.9 Hostname: 31.184.238.9
Human/Bot: Bot
Browser: Opera version 54.0 running on Win7
Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 OPR/54.0.2952.64

Or it could look like this entry:

Nairobi, Kenya was blocked for UA/Referrer/IP Range not allowed at https://testdomain.com/xmlrpc.php
10/4/2018 4:45:47 PM (20 hours 18 mins ago)


IP: 41.222.11.2 Hostname: 41.222.11.2
Human/Bot: Bot
Browser: Firefox version 0.0 running on Linux
Mozilla/5.0 (X11; Linux i686; rv:2.0.1) Gecko/20100101 Firefox/4.0.1

This is a great example of a bot from Nairobi trying to play with the xmlrpc.php file that I mentioned earlier. The IP range from this user was manually blocked.

2. Block All Known Hacker User Agents

This sets up what is essentially a ‘road block’ that stops known hacker user agents in their tracks:


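# USER AGENTS
# Uncomment the next line to also block requests that send an empty User-Agent
# SetEnvIfNoCase User-Agent ^$ keep_out
# Case-insensitive substring match: any User-Agent containing one of these names is flagged
SetEnvIfNoCase User-Agent (binlar|casper|cmsworldmap|comodo|diavol|dotbot|feedfinder|flicky|ia_archiver|jakarta|kmccrew|nutch|planetwork|purebot|pycurl|skygrid|sucker|turnit|vikspider|zmeu) keep_out
Order Allow,Deny
Allow from all
Deny from env=keep_out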
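
An added example, not part of the original article: a small Python audit that replays access-log lines against rules 1 and 2 above and reports any request those rules cover that was not answered with 403. It assumes Apache's "combined" log format; the function names and the sample log are constructed for illustration, with two user agents shaped like the Wordfence entries shown earlier.

```python
import re

# Pattern copied from the article's SetEnvIfNoCase rule: case-insensitive, unanchored.
KEEP_OUT = re.compile(
    r"(binlar|casper|cmsworldmap|comodo|diavol|dotbot|feedfinder|flicky|ia_archiver"
    r"|jakarta|kmccrew|nutch|planetwork|purebot|pycurl|skygrid|sucker|turnit"
    r"|vikspider|zmeu)", re.IGNORECASE)
XMLRPC_ALLOWED = {"123.123.123.123"}  # the article's placeholder "allow from" address

# Apache "combined" format: host ident user [time] "request" status bytes "referer" "agent"
LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$')

def expected_block(ip, path, ua):
    """Name the rule that should have denied this request, or None if neither applies."""
    if path.split("?", 1)[0].endswith("/xmlrpc.php") and ip not in XMLRPC_ALLOWED:
        return "xmlrpc"
    if KEEP_OUT.search(ua):
        return "user-agent"
    return None

def audit(lines):
    """Return (ip, path, rule) for requests a rule covers that were not answered 403."""
    findings = []
    for line in lines:
        m = LINE.match(line)
        if m is None:
            continue  # not a combined-format line
        rule = expected_block(m["ip"], m["path"], m["ua"])
        if rule and m["status"] != "403":
            findings.append((m["ip"], m["path"], rule))
    return findings

# Constructed sample log (documentation-range addresses, not real traffic).
T = "[04/Oct/2018:16:45:47 +0000]"
SAMPLE_LOG = [
    f'203.0.113.7 - - {T} "POST /xmlrpc.php HTTP/1.1" 403 199 "-" '
    '"Mozilla/5.0 (X11; Linux i686; rv:2.0.1) Gecko/20100101 Firefox/4.0.1"',
    f'203.0.113.8 - - {T} "POST /xmlrpc.php HTTP/1.1" 200 674 "-" "Mozilla/5.0"',
    f'123.123.123.123 - - {T} "POST /xmlrpc.php HTTP/1.1" 200 674 "-" "Mozilla/5.0"',
    f'198.51.100.4 - - {T} "GET /wp-login.php HTTP/1.1" 200 1234 "-" "ZmEu"',
    f'198.51.100.5 - - {T} "GET /blogs/ HTTP/1.1" 200 5120 "-" '
    '"Mozilla/5.0 (Windows NT 6.1; Win64; x64) Chrome/67.0.3396.87 OPR/54.0.2952.64"',
]

if __name__ == "__main__":
    for ip, path, rule in audit(SAMPLE_LOG):
        print(f"{ip} {path}: expected 403 from the {rule} rule")
```

The last sample line is not flagged: a bot that sends an ordinary browser User-Agent is outside the name list, so the IP and path rules have to catch it.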

3. Protect Your .htaccess File From Hackers Trying To Write New Rules

The following code will take care of this for you:


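# Denies HTTP requests for .htaccess, .htpasswd and other .hta* files;
# file-system permissions still decide who can modify them
<files ~ "^.*\.([Hh][Tt][Aa])">
order allow,deny
deny from all
satisfy all
</files>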

You can also protect yourself from the possibility of hackers uploading images with infected scripts. This is a very popular way of getting through to your web server and FTP… sometimes it’s the easiest…


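# Denies every request in this directory, so use it in an upload directory, not the site root
deny from all
# Exception: files named with word characters only plus an image extension.
# Names with extra dots (shell.php.jpg) or hyphens do not match and stay denied.
<Files ~ "^\w+\.(gif|jpe?g|png)$">
order deny,allow
allow from all
</Files>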

…sometimes WordPress plugins are the source of infection within your website. One example I can recall was when a TidioChat plugin was used to hack into a website to allow the upload of malicious code. The code ended up deleting most of the data on the client’s server.

Was the hacker possibly hired by a competitor? Maybe.

Regardless of whether or not that was the case, some plugins are just not as safe as they could be and contain loopholes that hackers can exploit. They use those loopholes as a wide-open backdoor entrance to your web server.

In order to keep your plugins safe from potential abuse, insert this code into your .htaccess file:


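# Allows requests for .js and .css files; on its own this denies nothing,
# so it only restricts access where the directory is otherwise denied
<Files ~ "\.(js|css)$">
  order allow,deny
  allow from all
</Files>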

One thing you should do before you enter any of these codes into your .htaccess file is back up that file so you have a copy of the original. Then you can start entering the codes I’ve shared here and test them out on your website. By using these codes, you will be able to protect your website from potential hacking activity.

I’m sure I don’t have to explain why you want to keep hackers at bay. They continue to get smarter and smarter which means you need to keep at least one step ahead of them. Your best form of protection is what I mentioned at the beginning of this article – backups of anything you feel is important and an improvement of your security.

The harder you make it for hackers to get into your site, the better off you will be.