WordPress Brute Force Password Attack – Security log exceeds 500KB in 20 minutes


  • #5646
    WPS P&C Admin
    Participant

    In the last few days, I have noticed that my BPS security log file has been exceeding the 500KB threshold every day. Today it has exceeded that threshold within a 20 minute window, between 5:03pm and 5:23pm local time (Sydney, Australia).

    Scanning through the log entries, there are about 50 entries per minute (almost one per second) in that 20 minute period, all from the same IP address which appears to be located in Moscow.

    The log entries appear to all be identical, like this:

    >>>>>>>>>>> 403 GET or Other Request Error Logged - 14/05/2013 - 5:05 pm <<<<<<<<<<<
    REMOTE_ADDR: 195.128.126.12
    Host Name: 195.128.126.12
    HTTP_CLIENT_IP:
    HTTP_FORWARDED:
    HTTP_X_FORWARDED_FOR:
    HTTP_X_CLUSTER_CLIENT_IP:
    REQUEST_METHOD: GET
    HTTP_REFERER: http://wpspandc.com.au/wp-login.php
    REQUEST_URI: /wp-login.php
    QUERY_STRING:
    HTTP_USER_AGENT: Mozilla/5.0 (Linux; U; Android 2.2) AppleWebKit/533.1 (KHTML, like Gecko) Version/4.0 Mobile Safari/533.1

    What does this all mean? What on earth is going on? Is my website under attack?

    #5648
    AITpro Admin
    Keymaster

    This is a classic automated brute force password cracking attack. During the peak of the recent attacks on WordPress and Joomla we were seeing around 5,000 of these log entries per day.

    This is a neat plugin – Stealth Login Page – that may be useful to you, but keep in mind that if you have other users that log into your site then you will need to let them know what the secret URL/Query String is to log in to the site, or if you have general visitor registrations to the site then you will need to let your visitors know where to log in. This may not work for your site at all since you have an ecommerce site.

    Or of course you can just turn Off your Security Log logging.
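
Added example, not part of the original thread and not BulletProof Security code: a small parser for log entries in the layout quoted in the first post, which totals `/wp-login.php` requests per source address and reports the addresses whose rate in any single logged minute reaches a threshold. The sample log is constructed (documentation-range addresses), and the default threshold of 30 per minute is an assumption to tune for your site.

```python
import re
from collections import Counter, defaultdict

# Entry header and "KEY: value" lines, as laid out in the log excerpt in the thread.
HEADER = re.compile(r"^>+\s*(?P<status>\d{3}) .*? Logged - "
                    r"(?P<stamp>\d{2}/\d{2}/\d{4} - \d{1,2}:\d{2} [ap]m)\s*<+$", re.I)
FIELD = re.compile(r"^(?P<key>[A-Za-z_ ]+):\s*(?P<value>.*)$")

def parse_entries(text):
    """Yield one dict per log entry: status, stamp (minute resolution), and each field."""
    entry = None
    for line in text.splitlines():
        line = line.strip()
        m = HEADER.match(line)
        if m:
            if entry:
                yield entry
            entry = {"status": m["status"], "stamp": m["stamp"]}
        elif entry is not None:
            f = FIELD.match(line)
            if f:
                entry[f["key"]] = f["value"]
    if entry:
        yield entry

def login_floods(text, per_minute=30):  # threshold is an assumed value
    """Return {ip: (total_hits, peak_hits_in_one_minute)} for /wp-login.php floods."""
    buckets = defaultdict(Counter)
    for e in parse_entries(text):
        if e.get("REQUEST_URI", "").split("?")[0] == "/wp-login.php":
            buckets[e.get("REMOTE_ADDR", "?")][e["stamp"]] += 1
    return {ip: (sum(c.values()), max(c.values()))
            for ip, c in buckets.items() if max(c.values()) >= per_minute}

def sample_entry(ip, stamp, uri="/wp-login.php"):
    # Constructed entry in the thread's layout; not real traffic.
    return (f">>>>>>>>>>> 403 GET or Other Request Error Logged - {stamp} <<<<<<<<<<<\n"
            f"REMOTE_ADDR: {ip}\nHost Name: {ip}\nHTTP_CLIENT_IP:\nREQUEST_METHOD: GET\n"
            f"REQUEST_URI: {uri}\nQUERY_STRING:\n"
            "HTTP_USER_AGENT: Mozilla/5.0 (Linux; U; Android 2.2)\n\n")

SAMPLE_LOG = (sample_entry("203.0.113.7", "14/05/2013 - 5:05 pm") * 50
              + sample_entry("203.0.113.7", "14/05/2013 - 5:06 pm") * 48
              + sample_entry("198.51.100.20", "14/05/2013 - 5:05 pm") * 2
              + sample_entry("198.51.100.20", "14/05/2013 - 5:06 pm", "/xmlrpc.php"))

if __name__ == "__main__":
    for ip, (total, peak) in login_floods(SAMPLE_LOG).items():
        print(f"{ip}: {total} wp-login.php requests, peak {peak}/minute")
```

Pointing `login_floods` at the text of a real log file gives a per-address summary to use when deciding on a block or rate limit at the server or firewall.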

    #5691
    WPS P&C Admin
    Participant

    It’s a bit scary that some hacker in Moscow would want to hack into our dinky little school website, but at least BPS is there blocking them.

    Thanks for the info. I will investigate the Stealth Login plugin idea.

    #5692
    AITpro Admin
    Keymaster

    99% of all hacking attempts are automated using hacking bots, so the size or popularity of a website is not a factor since the hacker bots do not look at something like that. Hacking bots are programmed with parameters to search and crawl for and go about their automated business indiscriminately.
