I read many articles today about the brute force attack targeting WordPress sites. My site is secure, and I just laugh at the enormous waste of that stupid bot-net's bandwidth. Each hit taxes my site about 500 bytes, so those scumbags will have to hit my site 2,000,000 times in order to waste one of my gigabytes--but that calculation seems rather liberal to me. After all, my deflate instruction is near the top of my .htaccess file, so I would wager that instead of 500 bytes, the server actually transmits each bot closer to 300 bytes, maybe lower since old 403.html is, after all, mere text, which receives quite optimal compression rates from any compression algorithm worth its salt.
But igor's solution will never be the thing people click on in Google. Packaging and appearance are the thing. That is all right, because it is enough for me that my client's site is perfectly impregnable. I want his site to be fast all the time, I want it to look right all the time, and I want black hat hackers and evil bots to fail in everything they attempt.
Upon reflection, I think the stupid brute force attack against wp-login is meant to promote the sales of some cybersecurity firm(s). Let us be clear, it is not a serious attack. It is a stupid and ineffectual waste of bandwidth. Some cunning CEO may have decided to hire a bot-net to launch a stupid, ineffectual attack against everybody, knowing that the ignorant and the easily frightened would shell out money to buy a quick fix, a little band-aid to put on their precious web site to lull them into a false sense of security. I just don't know which company(ies) are behind the attack, which stand to gain. There are probably a thousand different suspects.