WordPress blog attacked by IP 217.66.216.68, interesting

cppgohan Member
edited July 2014 in Help

Today I found my WordPress blog's /wp-login being accessed from IP: 217.66.216.68.
The machine accesses /wp-login almost every second. I thought it just wants to brute-force my admin password and then destroy the WordPress content.

Has anyone encountered a similar problem? How do you get rid of it?

I just use an nginx setting to deny the IP; I think it isn't good enough.

access.log

217.66.216.68 - - [02/Jul/2014:11:34:26 +0800] "POST /wp-login.php HTTP/1.0" 502 173 "-" "-"
217.66.216.68 - - [02/Jul/2014:11:34:28 +0800] "POST /wp-login.php HTTP/1.0" 502 173 "-" "-"
217.66.216.68 - - [02/Jul/2014:11:34:28 +0800] "POST /wp-login.php HTTP/1.0" 502 173 "-" "-"
217.66.216.68 - - [02/Jul/2014:11:34:29 +0800] "POST /wp-login.php HTTP/1.0" 502 173 "-" "-"
217.66.216.68 - - [02/Jul/2014:11:34:30 +0800] "POST /wp-login.php HTTP/1.0" 502 173 "-" "-"
217.66.216.68 - - [02/Jul/2014:11:34:31 +0800] "POST /wp-login.php HTTP/1.0" 502 173 "-" "-"
217.66.216.68 - - [02/Jul/2014:11:34:32 +0800] "POST /wp-login.php HTTP/1.0" 502 173 "-" "-"
217.66.216.68 - - [02/Jul/2014:11:34:33 +0800] "POST /wp-login.php HTTP/1.0" 502 173 "-" "-"
217.66.216.68 - - [02/Jul/2014:11:34:34 +0800] "POST /wp-login.php HTTP/1.0" 502 173 "-" "-"
217.66.216.68 - - [02/Jul/2014:11:34:40 +0800] "POST /wp-login.php HTTP/1.0" 502 173 "-" "-"

Now I forbid the IP:

error.log

2014/07/02 16:00:33 [error] 26426#0: *156 access forbidden by rule, client: 217.66.216.68, server: blog.baozishan.in, request: "POST /wp-login.php HTTP/1.0", host: "blog.baozishan.in"
2014/07/02 16:00:34 [error] 26426#0: *157 access forbidden by rule, client: 217.66.216.68, server: blog.baozishan.in, request: "POST /wp-login.php HTTP/1.0", host: "blog.baozishan.in"
2014/07/02 16:00:35 [error] 26426#0: *158 access forbidden by rule, client: 217.66.216.68, server: blog.baozishan.in, request: "POST /wp-login.php HTTP/1.0", host: "blog.baozishan.in"

Thanks for all the good advice below!

@nexmark said: Block single ip by iptables

@namhuy said: Use captcha for login form

@wych: fail2ban plugin

@energytech: lockdown plugin to change admin url

Comments

  • If it's a single IP, why not drop it from iptables?

  • rds100 Member

    Ok, we will send nukes to IRAN to make them stop. And to thousands of other IPs too, bruteforcing innocent wordpress installs on the net.

  • namhuy Member
    edited July 2014

    Install a captcha for your login form; if you are the single user of your blog, set a directory password. Probably just bots doing that.

  • wych Member
    edited July 2014

    @namhuy said:
    Install a captcha for your login form; if you are the single user of your blog, set a directory password. Probably just bots doing that.

    Captchas can be easily cracked; get the fail2ban plugin.

  • You can use the 'lockdown' plugin to change the admin url

  • Also, can't you put an .htaccess to deny all but your IP into
    /wp-admin?

  • wych Member

    @nexmark said:
    Also, can't you put an .htaccess to deny all but your IP into
    /wp-admin?

    If you're on a static IP, yes; if not, then I wouldn't.

  • namhuy Member
    edited July 2014

    wych said: Captchas can be easily cracked; get the fail2ban plugin.

    For 'basic' protection, a captcha plugin is the easiest to install. How to secure wordpress website http://www.namhuy.net/2260/how-to-secure-wordpress-website.html

  • wych Member

    @namhuy said:
    For 'basic' protection, a captcha plugin is the easiest to install. How to secure wordpress website http://www.namhuy.net/2260/how-to-secure-wordpress-website.html

    I'm not arguing it offers basic protection, but I wouldn't say it's adequate.

    If you're spending time implementing a solution, you may as well go for a more suitable end result using fail2ban than a flawed image OCR system.
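
The per-IP rate counting that a fail2ban-style ban relies on, run over the access.log lines from the original post. This is an added example, not code from the thread or from fail2ban; the function name, the thresholds and the two 203.0.113.7 lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# First ten lines: the access.log excerpt from the original post.
# Last two lines (203.0.113.7): constructed here as a normal login, for contrast.
SAMPLE_LOG = """\
217.66.216.68 - - [02/Jul/2014:11:34:26 +0800] "POST /wp-login.php HTTP/1.0" 502 173 "-" "-"
217.66.216.68 - - [02/Jul/2014:11:34:28 +0800] "POST /wp-login.php HTTP/1.0" 502 173 "-" "-"
217.66.216.68 - - [02/Jul/2014:11:34:28 +0800] "POST /wp-login.php HTTP/1.0" 502 173 "-" "-"
217.66.216.68 - - [02/Jul/2014:11:34:29 +0800] "POST /wp-login.php HTTP/1.0" 502 173 "-" "-"
217.66.216.68 - - [02/Jul/2014:11:34:30 +0800] "POST /wp-login.php HTTP/1.0" 502 173 "-" "-"
217.66.216.68 - - [02/Jul/2014:11:34:31 +0800] "POST /wp-login.php HTTP/1.0" 502 173 "-" "-"
217.66.216.68 - - [02/Jul/2014:11:34:32 +0800] "POST /wp-login.php HTTP/1.0" 502 173 "-" "-"
217.66.216.68 - - [02/Jul/2014:11:34:33 +0800] "POST /wp-login.php HTTP/1.0" 502 173 "-" "-"
217.66.216.68 - - [02/Jul/2014:11:34:34 +0800] "POST /wp-login.php HTTP/1.0" 502 173 "-" "-"
217.66.216.68 - - [02/Jul/2014:11:34:40 +0800] "POST /wp-login.php HTTP/1.0" 502 173 "-" "-"
203.0.113.7 - - [02/Jul/2014:11:34:27 +0800] "GET /wp-login.php HTTP/1.1" 200 2301 "-" "Mozilla/5.0"
203.0.113.7 - - [02/Jul/2014:11:34:41 +0800] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" \d{3} ')

def find_login_floods(log_text, max_retry=5, find_time=timedelta(seconds=60)):
    """Return {ip: peak count} for clients that sent at least max_retry POSTs
    to /wp-login.php within any find_time window (thresholds are assumptions)."""
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    peak = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST":
            continue              # viewing the login page (GET) is not an attempt
        if m["path"].split("?", 1)[0] != "/wp-login.php":
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        window = recent[m["ip"]]
        window.append(ts)
        while ts - window[0] > find_time:   # drop attempts older than the window
            window.popleft()
        if len(window) >= max_retry:
            peak[m["ip"]] = max(peak.get(m["ip"], 0), len(window))
    return peak

if __name__ == "__main__":
    for ip, count in find_login_floods(SAMPLE_LOG).items():
        print(f"{ip}: {count} login POSTs inside the window")
```

The parameter names mirror fail2ban's `maxretry` and `findtime` settings; the counting is per source address, so it flags each offender as it appears rather than relying on a hand-maintained deny list.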
