Sejak awal diluncurkan, erudisi.com sudah mendapat banyak serangan brute force. Tapi jumlahnya meningkat tajam selama 3 minggu terakhir ini. Sepertinya itu dilakukan oleh lebih dari satu orang. Entah apa tujuannya.
Bagi yang Anda yang belum mengetahui apa itu brute-force, ia adalah upaya untuk ‘membobol’ password login dengan cara mengacak username dan password sampai menemukan kombinasi yang pas dengan harapan bisa masuk ke sistem dan menguasainya. Dan itu semua dilakukan dengan bantuan program atau bot, yang bekerja terus menerus mencari username dan password Anda.
Terlepas dari apa tujuannya (yang jelas biasanya tidak baik), pastinya Anda jengkel bila mengalami serangan brute force ke blog WordPress Anda, seperti yang saya alami.
Memang ada banyak saran yang bisa dilakukan untuk mencegah dan menangkal serangan brute force, seperti mengganti nama admin, menggunakan password yang kuat, menggunakan berbagai plugin keamanan dan sebagainya.
Saya sendiri telah menerapkan semuanya. Mulai dari mengubah URL halaman login, menambahkan captcha, menggunakan plugin login limit (baik plugin yang berdiri sendiri maupun fitur dari plugin security), dan berbagai upaya lainnya.
Tapi, setelah itu semua, serangan brute force tidak kunjung reda, bahkan dalam sejam bisa puluhan upaya masuk yang gagal dan diblok IP-nya.
Saya hampir kehabisan cara, bagaimana menghentikan serangan brute force ke erudisi ini. Sampai akhirnya saya menemukan script dari pastebin. Dan setelah saya terapkan, benar saja, saat itu juga serangan brute force berhenti total. Padahal semua upaya lainnya, tidak membuahkan hasil.
Nah, bagi Anda yang juga mengalami hal yang sama, berikut adalah kode yang perlu Anda tambahkan ke file .htaccess:
# Begin Blacklist RewriteEngine on # Abuse Agent Blocking RewriteCond %{HTTP_USER_AGENT} ^[Ww]eb[Bb]andit [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^$ [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^Acunetix [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^binlar [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^BlackWidow [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^Bolt 0 [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^BOT for JCE [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^Bot mailto:craftbot@yahoo.com [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^casper [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^checkprivacy [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^ChinaClaw [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^clshttp [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^cmsworldmap [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^comodo [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^Custo [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^Default Browser 0 [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^diavol [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^DIIbot [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^DISCo [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^dotbot [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^Download Demon [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^eCatch [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^EirGrabber [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^EmailCollector [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^EmailSiphon [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^EmailWolf [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^Express WebPictures [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^extract [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^ExtractorPro [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^EyeNetIE [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^feedfinder [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^FHscan [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^FlashGet [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^flicky [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^FunWebProducts [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^g00g1e [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^GetRight [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^GetWeb! [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^Go-Ahead-Got-It [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^Go!Zilla [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^grab [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^GrabNet [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^Grafula [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^harvest [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^HMView [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^ia_archiver [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^Image Stripper [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^Image Sucker [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^InterGET [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^Internet Ninja [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^InternetSeer.com [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^jakarta [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^Java [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^JetCar [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^JOC Web Spider [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^kanagawa [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^kmccrew [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^larbin [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^LeechFTP [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^libwww [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^Mass Downloader [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^Maxthon$ [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^microsoft.url [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^MIDown tool [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^miner [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^Mister PiX [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^Mozilla.*Indy [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^Mozilla.*NEWT [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^MSFrontPage [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^Navroad [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^NearSite [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^Net Vampire [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^NetAnts [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^NetSpider [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^NetZIP [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^nutch [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^Octopus [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^Offline Explorer [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^Offline Navigator [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^PageGrabber [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^Papa Foto [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^pavuk [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^pcBrowser [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^PeoplePal [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^planetwork [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^psbot [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^purebot [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^pycurl [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^RealDownload [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^ReGet [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^Rippers 0 [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^SeaMonkey$ [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^sitecheck.internetseer.com [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^SiteSnagger [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^skygrid [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^SmartDownload [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^sucker [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^SuperBot [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^SuperHTTP [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^Surfbot [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^tAkeOut [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^Teleport Pro [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^Toata dragostea mea pentru diavola [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^turnit [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^vikspider [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^VoidEYE [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^Web Image Collector [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^Web Sucker [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^WebAuto [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^WebCopier [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^WebFetch [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^WebGo IS [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^WebLeacher [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^WebReaper [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^WebSauger [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^Website eXtractor [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^Website Quester [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^WebStripper [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^WebWhacker [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^WebZIP [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^Wget [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^Widow [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^WPScan [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^WWW-Mechanize [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^WWWOFFLE [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^Xaldon WebSpider [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^Yandex [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^Zeus [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^zmeu [NC,OR] RewriteCond %{HTTP_USER_AGENT} 360Spider [NC,OR] RewriteCond %{HTTP_USER_AGENT} AhrefsBot [NC,OR] RewriteCond %{HTTP_USER_AGENT} CazoodleBot [NC,OR] RewriteCond %{HTTP_USER_AGENT} discobot [NC,OR] RewriteCond %{HTTP_USER_AGENT} EasouSpider [NC,OR] RewriteCond %{HTTP_USER_AGENT} ecxi [NC,OR] RewriteCond %{HTTP_USER_AGENT} GT::WWW [NC,OR] RewriteCond %{HTTP_USER_AGENT} heritrix [NC,OR] RewriteCond %{HTTP_USER_AGENT} HTTP::Lite [NC,OR] RewriteCond %{HTTP_USER_AGENT} HTTrack [NC,OR] RewriteCond %{HTTP_USER_AGENT} ia_archiver [NC,OR] RewriteCond %{HTTP_USER_AGENT} id-search [NC,OR] RewriteCond %{HTTP_USER_AGENT} id-search.org [NC,OR] RewriteCond %{HTTP_USER_AGENT} IDBot [NC,OR] RewriteCond %{HTTP_USER_AGENT} Indy Library [NC,OR] RewriteCond %{HTTP_USER_AGENT} IRLbot [NC,OR] RewriteCond %{HTTP_USER_AGENT} ISC Systems iRc Search 2.1 [NC,OR] RewriteCond %{HTTP_USER_AGENT} LinksCrawler [NC,OR] RewriteCond %{HTTP_USER_AGENT} LinksManager.com_bot [NC,OR] RewriteCond %{HTTP_USER_AGENT} linkwalker [NC,OR] RewriteCond %{HTTP_USER_AGENT} lwp-trivial [NC,OR] RewriteCond %{HTTP_USER_AGENT} MFC_Tear_Sample [NC,OR] RewriteCond %{HTTP_USER_AGENT} Microsoft URL Control [NC,OR] RewriteCond %{HTTP_USER_AGENT} Missigua Locator [NC,OR] RewriteCond %{HTTP_USER_AGENT} MJ12bot [NC,OR] RewriteCond %{HTTP_USER_AGENT} panscient.com [NC,OR] RewriteCond %{HTTP_USER_AGENT} PECL::HTTP [NC,OR] RewriteCond %{HTTP_USER_AGENT} PHPCrawl [NC,OR] RewriteCond %{HTTP_USER_AGENT} PleaseCrawl [NC,OR] RewriteCond %{HTTP_USER_AGENT} SBIder [NC,OR] RewriteCond %{HTTP_USER_AGENT} SearchmetricsBot [NC,OR] RewriteCond %{HTTP_USER_AGENT} Snoopy [NC,OR] RewriteCond %{HTTP_USER_AGENT} Sogou [NC,OR] RewriteCond %{HTTP_USER_AGENT} Steeler [NC,OR] RewriteCond %{HTTP_USER_AGENT} URI::Fetch [NC,OR] RewriteCond %{HTTP_USER_AGENT} urllib [NC,OR] RewriteCond %{HTTP_USER_AGENT} Web Sucker [NC,OR] RewriteCond %{HTTP_USER_AGENT} webalta [NC,OR] RewriteCond %{HTTP_USER_AGENT} WebCollage [NC,OR] RewriteCond %{HTTP_USER_AGENT} Wells Search II [NC,OR] RewriteCond %{HTTP_USER_AGENT} WEP Search [NC,OR] RewriteCond %{HTTP_USER_AGENT} XoviBot [NC,OR] RewriteCond %{HTTP_USER_AGENT} YisouSpider [NC,OR] RewriteCond %{HTTP_USER_AGENT} zermelo [NC,OR] RewriteCond %{HTTP_USER_AGENT} ZyBorg [NC,OR] # Abuse bot blocking rule end # Abuse HTTP Referrer Blocking RewriteCond %{HTTP_REFERER} (?:100dollars-seo|4webmasters.org|7makemoneyonline|anticrawler| best-seo-offer|best-seo-solution|buttons-for-website|buttons-for-your-website|dailyrank| darodar|ilovevitaly|kambasoft|medispainstitute|offers.bycontext|ranksonic|savetubevideo| semalt|sitevaluation|trafficmonetize.org|webmonetizer.net). [NC] RewriteRule ^.* - [F,L] # Abuse HTTP Referrer Blocking end # Start Custom Blocks # Aboundex Deny from 173.192.34.95 # Bluecoat deny from 8.21.4.254 deny from 65.46.48.192/30 deny from 65.160.238.176/28 deny from 85.92.222.0/24 deny from 206.51.36.0/22 deny from 216.52.23.0/24 # cyveillance deny from 38.100.19.8/29 deny from 38.100.21.0/24 deny from 38.100.41.64/26 deny from 38.105.71.0/25 deny from 38.105.83.0/27 deny from 38.112.21.140/30 deny from 38.118.42.32/29 deny from 65.213.208.128/27 deny from 65.222.176.96/27 deny from 65.222.185.72/29 # Cyberpatrol deny from 38.103.17.160/27 # Internet Identity - Anti-Phishing deny from 66.113.96.0/20 deny from 70.35.113.192/27 # Ironport deny from 204.15.80.0/22 # Lightspeed Systems Security deny from 66.17.15.128/26 deny from 69.84.207.32/27 deny from 69.84.207.128/25 # Layered Technologies deny from 72.36.128.0/17 deny from 72.232.0.0/16 deny from 72.233.0.0/17 deny from 216.32.0.0/14 # M86 deny from 67.192.231.224/29 deny from 208.90.236.0/22 # Phish-Inspector.com deny from 209.147.127.208/28 # Prescient Software, Inc. Phishmongers deny from 198.186.190.0/23 deny from 198.186.192.0/23 deny from 198.186.194.0/24 # urlfilterdb deny from 207.210.99.32/29 # websense-in.car1.sandiego1.level3.net deny from 4.53.120.22 # Websense deny from 66.194.6.0/24 deny from 67.117.201.128/28 deny from 69.67.32.0/20 deny from 131.191.87.0/24 deny from 204.15.64.0/21 deny from 208.80.192.0/21 deny from 212.62.26.64/27 deny from 213.168.226.0/24 deny from 213.168.241.0/30 deny from 213.168.242.0/30 deny from 213.236.150.16/28 # Tambahkan blok custom tambahan di sini jika mau. # Tambahkan IP di sini. Contoh format: # deny from 4.53.120.22 # End Blacklist
Setelah Anda pasang kode tersebut, saya jamin serangan brute force ke blog WordPress Anda akan berhenti seketika. Selamat mencoba.