403 POST Request Log Entries

Home Forums BulletProof Security Free 403 POST Request Log Entries

Tagged: 

Viewing 3 posts - 1 through 3 (of 3 total)
  • Author
    Posts
  • September 30, 2016 at 10:01 pm #31057
    Al
    Participant

    Hello,

    From yesterday I got email from BPS Security code, I think it already five emails

    it said like this

    BPS SECURITY LOG
=================
=================

[BEGIN Total # of Security Log Entries by Type:]
Total 403 POST Request Log Entries: 1462
[END Total # of Security Log Entries by Type:]

[403 POST Request: October 1, 2016 1:54 am]
Event Code: BFHS - Blocked/Forbidden Hacker or Spammer
Solution: N/A - Hacker/Spammer Blocked/Forbidden
REMOTE_ADDR: 177.124.61.71
Host Name: ns3.locathelus.com.br
SERVER_PROTOCOL: HTTP/1.0
HTTP_CLIENT_IP:
HTTP_FORWARDED:
HTTP_X_FORWARDED_FOR:
HTTP_X_CLUSTER_CLIENT_IP:
REQUEST_METHOD: GET
HTTP_REFERER:
REQUEST_URI: /wp-login.php
QUERY_STRING:
HTTP_USER_AGENT:
REQUEST BODY: log=bergayasukses&pwd=hamper

[403 POST Request: October 1, 2016 1:54 am]
Event Code: BFHS - Blocked/Forbidden Hacker or Spammer
Solution: N/A - Hacker/Spammer Blocked/Forbidden
REMOTE_ADDR: 177.124.61.71
Host Name: ns3.locathelus.com.br
SERVER_PROTOCOL: HTTP/1.0
HTTP_CLIENT_IP:
HTTP_FORWARDED:
HTTP_X_FORWARDED_FOR:
HTTP_X_CLUSTER_CLIENT_IP:
REQUEST_METHOD: GET
HTTP_REFERER:
REQUEST_URI: /wp-login.php
QUERY_STRING:
HTTP_USER_AGENT:
REQUEST BODY: log=bergayasukses&pwd=gotenks

[403 POST Request: October 1, 2016 1:54 am]
Event Code: BFHS - Blocked/Forbidden Hacker or Spammer
Solution: N/A - Hacker/Spammer Blocked/Forbidden
REMOTE_ADDR: 177.124.61.71
Host Name: ns3.locathelus.com.br
SERVER_PROTOCOL: HTTP/1.0
HTTP_CLIENT_IP:
HTTP_FORWARDED:
HTTP_X_FORWARDED_FOR:
HTTP_X_CLUSTER_CLIENT_IP:
REQUEST_METHOD: GET
HTTP_REFERER:
REQUEST_URI: /wp-login.php
QUERY_STRING:
HTTP_USER_AGENT:
REQUEST BODY: log=bergayasukses&pwd=golfgti

[403 POST Request: October 1, 2016 1:54 am]
Event Code: BFHS - Blocked/Forbidden Hacker or Spammer
Solution: N/A - Hacker/Spammer Blocked/Forbidden
REMOTE_ADDR: 177.124.61.71
Host Name: ns3.locathelus.com.br
SERVER_PROTOCOL: HTTP/1.0
HTTP_CLIENT_IP:
HTTP_FORWARDED:
HTTP_X_FORWARDED_FOR:
HTTP_X_CLUSTER_CLIENT_IP:
REQUEST_METHOD: GET
HTTP_REFERER:
REQUEST_URI: /wp-login.php
QUERY_STRING:
HTTP_USER_AGENT:
REQUEST BODY: log=bergayasukses&pwd=gutter

    it’s a long message, I just cut it to three message, I don’t understand this message (not so good with code or technical thing)
    I tried to apply brute force plugin code, from the plugin suggestion
    I used this code in custom code tab > custom code brute force

    # Protect wp-login.php from Brute Force Login Attacks based on IP Address
<FilesMatch "^(wp-login\.php)">
Order Allow,Deny
# Add your website domain name
Allow from example.com
# Add your website/Server IP Address
Allow from 69.200.95.1
# Add your Public IP Address using 2 or 3 octets so that if/when
# your IP address changes it will still be in your subnet range. If you
# have a static IP address then use all 4 octets.
# Examples: 2 octets: 65.100. 3 octets: 65.100.50. 4 octets: 65.100.50.1
Allow from 65.100.50.
</FilesMatch>

    and add my website IP Address, I look my IP in my cpanel, but I still got that message from BPS log
    until now.

    is this okay ? like it just false alarm ? or am I doing something wrong ?
    sorry if there are word that not understood

    nb. previously I just use wordfence plugin and never have this kind of message, but something happen
    with my website (I cannot find my .htaccess in my cpanel, or login to my website, so I tried different security plugin

    October 1, 2016 at 12:39 am #31061
    AITpro Admin
    Keymaster

    Each one of those 3 Security Log entries that you posted is a separate blocked Brute Force Login attempt made by using a POST Request.  BPS has already blocked the Brute Force Login attempts/attacks and is just logging that they were blocked.  You do not need to do anything else or add any additional htaccess code.  I do not recommend that you add the additional wp-login.php IP Brute Force Login code since you could block yourself from being able to login to your website if/when your IP address is changed by your ISP.  If you do not see your .htaccess file in cPanel then look for a setting that says something like “show hidden files”.  .htaccess files are hidden by default.

    October 1, 2016 at 9:05 pm #31064
    Al
    Participant

    I see.. thank you for the answer, I will follow your advice and delete the custom code

  • Author
    Posts
Viewing 3 posts - 1 through 3 (of 3 total)
  • You must be logged in to reply to this topic.