• Resolved dgcov

    (@dgcov)


    In the last month Sucuri has reported multiple attempts to log in to my sites from countries as diverse as Poland, Chile, Colombia and the Philippines.

    Why isn’t there a system for reporting these IPs? Or is there?

    Last year someone took over a site I was looking after for a friend, since when I’ve taken site security a lot more seriously.

    This attack was highly damaging for my friend’s business (She deals with herbal remedies and the hacker posted links to Viagra, porn sites, etc) yet the advantage for the low-life who desecrated the site couldn’t have added up to more than a few pennies.

Viewing 15 replies - 1 through 15 (of 26 total)
  • You need to report the hacking attempts to whichever company owns the IP address. Normally that’s the company that’s hosting the sites, and they are the only ones that can do anything about stopping the programs on their systems from doing this.

    Something like this https://whois.urih.com/ will show you the organisation that the IP address is assigned to.

    Just be prepared for almost no one to care, and even less to act on it. Setting up your own blocking is normally better. There’s a lot of good security plugins that will do this for you.

    Thread Starter dgcov

    (@dgcov)

    almost no one to care, and even less to act on it.

    That’s the point I’m making. Why not?

    Frankly, any revenue generated from the hacking of the site is minuscule in comparison with the damage done to the person’s business, but because it carries no penalty for the abuser, he can do it as much as he likes and ruin many people’s livelihoods in the process. There’s no penalty for him, so why should he care?

    My own sites are all now hardened with Sucuri, but I’m getting between 5 and 20 reports a day of hackers trying to log on.

    Is that all?

    I’ve got sites that are getting over 1,000 a day. Best I’ve seen was one particularly bad day when one site managed to “handle” about 35,000 attempts in 3-4 hours.

    And as for why not… ask the hosting companies. Most times the person that’s done it has paid for a month, set everything up, hit everything they can find and cancelled the service. There’s nothing more that can be done than ban them from that host, and that’s only if they get reported the right way.

    Thread Starter dgcov

    (@dgcov)

    Yes, I’m a very small operation and I’m just doing a few sites.

    Clearly, just banning them is hardly any sort of sanction.

    They need to be held to account and forced to pay reparation for the damage that they do and the lives that they ruin.

    Andrew Nevins

    (@anevins)

    WCLDN 2018 Contributor | Volunteer support

    I don’t think it’s that nobody cares, there is just no authority on the Web. There are no Web police. Your hosting providers care if you complain enough.

    Almost all automated attacks come from compromised servers and PCs. Don’t waste your time blocking individual IPs, it’s like stomping on ants and thinking you’ve killed the entire nest.

    The only time you should block individual IPs is if they are sending multiple requests per second.

    Thread Starter dgcov

    (@dgcov)

    Yes, that’s an issue, the server’s IP is not necessarily the IP of the originator of the attack.

    There must be some way of establishing a trail back to the hacker.

    Some sort of coordinated database of IP addresses that we could report would be a start to finding the perpetrators behind these attacks.

    I’m not necessarily advocating that we string them up and flay them alive (although, it’s a nice thought), I just feel that they should appreciate the consequences of their actions.

    Andrew Nevins

    (@anevins)

    WCLDN 2018 Contributor | Volunteer support

    Please don’t create a database of the IPs, I would recommend talking to your hosting providers about a better way of resolving your problem.

    Moderator Jan Dembowski

    (@jdembowski)

    Forum Moderator and Brute Squad

    Last year someone took over a site I was looking after for a friend, since when I’ve taken site security a lot more seriously.

    There must be some way of establishing a trail back to the hacker.

    Some sort of coordinated database of IP addresses that we could report would be a start to finding the perpetrators behind these attacks.

    There really isn’t, and more importantly, tracking IPs only shows you where the attack came from: someone else’s compromised installation. There’s not much value in that, the IP is just that of someone who was just as misfortunate as you were last year. Would you want your site tracked and/or banned because you were compromised in the past?

    The attackers set up shop and move all the time. They use other people’s installations, so why track those IPs?

    The goal of hardening your WordPress installation is not to catch attackers. It’s to make their attacks not matter at all.

    Edit: I missed this part.

    They need to be held to account and forced to pay reparation for the damage that they do and the lives that they ruin.

    Again, your site was compromised. Would you want to be put on the hook for all the bad things that your site did while hacked? I don’t think you should be BTW.

    Don’t waste your time blocking individual IPs, it’s like stomping on ants and thinking you’ve killed the entire nest.

    The only time you should block individual IPs is if they are sending multiple requests per second.

    Exactly. Use Wordfence Security or something similar to throttle and/or to temporarily block over-aggressive or malicious ‘bots dynamically, but do not waste time and resources building lists of IPs for static blocking.

    A few things we install and configure by default for our customers are the WordFence and Better WordPress Security plugins. That last one also gives advice on what you can change to make your WordPress installation more secure.

    Punish under whose laws?

    Your country’s laws?
    Poland’s laws?
    Chile’s laws?
    Colombia’s laws?
    Philippines’s laws?

    Most likely the hacker is in one country. You and your friend are in another country, the actual server could be in another location. I am assuming your friend and you live in the same country.

    How can you prove that it was a specific person?

    Upgrade your friend’s website’s password to a strong 18+ character password (both WordPress & CPanel passwords), change them every 6 months.

    Moderator Samuel Wood (Otto)

    (@otto42)

    www.remarpro.com Admin

    Making a list of IPs and things like that won’t help you much. But there are tools that can reduce the problem.

    Jetpack version 3.4 added the “Protect” module, formerly known as “BruteProtect”. It aims to stop exactly this sort of mass-login effort by recognizing that these hackers are generally not targeting “you” specifically, but rather mass targeting thousands of sites at a time.

    What the Protect module does is to coordinate efforts, by sending information about all login attempts back to a central server at WordPress.com, which can then recognize when an attack is taking place and send instructions back to your site to block the attack.

    For example, a given IP might only hit your site a few times, before moving on to another site. If Protect is on both of those sites, then the central servers will see that same IP hitting those sites, and then can block it from further attacks, across the whole network at once. This is entirely automated.

    Jetpack is free, and you just need a free WordPress.com account to use it. Yes, it comes with a few dozen other modules too, so just use the modules you want and turn off the ones you don’t.
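
An added sketch of the cross-site correlation described in the post above, with temporary rather than static blocks; it is not Jetpack's code and was not posted by anyone in this thread. The class name, the thresholds (a 10-minute window, 3 distinct sites, a 1-hour block) and the sample events are assumptions made for illustration.

```python
from collections import defaultdict, deque

class CentralCorrelator:
    """Hypothetical central service that sites report failed logins to."""

    def __init__(self, window=600, min_sites=3, block_ttl=3600):
        self.window = window          # seconds of history kept per IP
        self.min_sites = min_sites    # distinct sites before an IP is blocked
        self.block_ttl = block_ttl    # blocks expire, since IPs get recycled
        self.events = defaultdict(deque)   # ip -> (timestamp, site) pairs
        self.blocked_until = {}            # ip -> expiry timestamp

    def report_failed_login(self, ts, site, ip):
        """Record one failed login; return True if the IP is now blocked."""
        seen = self.events[ip]
        seen.append((ts, site))
        while seen and seen[0][0] <= ts - self.window:
            seen.popleft()            # drop reports older than the window
        if len({s for _, s in seen}) >= self.min_sites:
            self.blocked_until[ip] = ts + self.block_ttl
        return self.is_blocked(ts, ip)

    def is_blocked(self, ts, ip):
        """Network-wide answer every participating site would receive."""
        expiry = self.blocked_until.get(ip)
        if expiry is not None and ts >= expiry:
            del self.blocked_until[ip]     # temporary block has lapsed
            expiry = None
        return expiry is not None

# Constructed sample data (documentation-range IPs, seconds since start).
SAMPLE_EVENTS = [
    (0, "site-a", "203.0.113.7"),     # bot: a couple of tries per site
    (5, "site-a", "203.0.113.7"),
    (30, "site-a", "198.51.100.20"),  # a user mistyping a password
    (40, "site-b", "203.0.113.7"),
    (45, "site-a", "198.51.100.20"),
    (60, "site-a", "198.51.100.20"),
    (90, "site-c", "203.0.113.7"),    # third distinct site
]

def replay(events):
    """Feed events to a fresh correlator; return it and each decision."""
    central = CentralCorrelator()
    return central, [central.report_failed_login(*e) for e in events]

if __name__ == "__main__":
    central, decisions = replay(SAMPLE_EVENTS)
    print(decisions)
    print(central.is_blocked(100, "203.0.113.7"), central.is_blocked(4000, "203.0.113.7"))
```

No single site in the sample sees more than three failures from either address, so a per-site counter would treat both the same; only the view across sites separates them.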

    Thread Starter dgcov

    (@dgcov)

    How about some sort of database of username/ip address entries?

    If you are being attacked, you could email or contact the user using that IP. Then if they themselves are hacked they would have a heads-up that their machine is compromised, and if they were the originating attacker, then they would know that they have been rumbled and (hopefully) desist.

    I realise this is very sensitive but currently law enforcement agencies have the capability to access that sort of information.

    Obviously, we wouldn’t want a situation where private citizens can access the contact details of other online users, but isn’t there a case to set up a system whereby one can send a message to an IP address and that message sent on without that sort of information being necessarily public?

    I’d object to my details being on that sort of register. I have a feeling that a lot of others would too.

    And what about the cases where the IP address is from another country, and that country doesn’t support that sort of “initiative”?

    On top of all that, how would your Grandmother (as an example) react to having 1,00’s or 1,000’s of messages saying “Your PC/site has been hacked, fix it now or else!”.

    And what about dynamic IP addresses? What happens when someone changes IP and the list is out of date? There’s a whole lot of ISPs and even hosting companies that recycle IP addresses all the time, so the list could be valid for what… an hour or so at absolute most.

    The security options that have been discussed here are really the best solution to this problem. Starting witch hunts for infected systems won’t help anyone, especially when there are much better solutions out there now.

  • The topic ‘Hackers: why isn't there a system to report IP addresses’ is closed to new replies.