I may have been seemingly quiet on here for the past week and a half, but this is partially because I’ve recently discovered a major brute-force attack to try to take out the security of my website. Now, this isn’t entirely unusual. Bots are always trying to find wordpress blogs with weak security, and usually going after accounts that technically don’t exist. (It’s a long story to explain, but trust me.)
However, this one was different. Not only did it go after my administration account, but it also attempted to hijack multiple user accounts, by repeatedly entering randomly generated passwords, twice a second for 8 hours total. (Despite my plugin that limits login attempts.)
I’m still cleaning out my activity log (it had over 300 pages, with 100 entries per page. I’ve managed to get it down to 110 so far.), and I’ve banned a lot of IP’s and hosts, and I’ve made some new changes to the wordpress plugins- installed some, reactivated some old ones I used, and uninstalled ones that aren’t working. In the past four to five days, I’ve noticed that things seem to have slowed down and even stopped in some cases.
I will be reaching out to people directly by email if your account was hit. Expect word from me in the next 24 hours. However, rest assured, that nothing was compromised. I just had to rethink my security setup and so forth. From what I’ve seen from the attack, though, be warned that even bots are now using video game names, character names (from anime, comics, games, TV and movies), and pop culture terms and icons. So you know the routine of keeping your password safe and secure.
I’ll do my best to keep an eye on things, and try to pick back up on doing what I started this site for in the first place- writing to keep you up to date on Falcom news.