Home › Forums › BulletProof Security Free › WordPress Brute Force Password Attack – Security log exceeds 500KB in 20 minutes
- This topic has 3 replies, 2 voices, and was last updated 11 years, 4 months ago by AITpro Admin.
-
AuthorPosts
-
WPS P&C AdminParticipant
In the last few days, I have noticed that my BPS security log file has been exceeding the 500KB threshold every day. Today it has exceeded that threshold within a 20 minute window, between 5:03pm and 5:23pm local time (Sydney, Australia).
Scanning through the log entries, there are about 50 entries per minute (almost one per second) in that 20 minute period, all from the same IP address which appears to be located in Moscow.
The log entries appear to all be identical, like this:
>>>>>>>>>>> 403 GET or Other Request Error Logged - 14/05/2013 - 5:05 pm <<<<<<<<<<< REMOTE_ADDR: 195.128.126.12 Host Name: 195.128.126.12 HTTP_CLIENT_IP: HTTP_FORWARDED: HTTP_X_FORWARDED_FOR: HTTP_X_CLUSTER_CLIENT_IP: REQUEST_METHOD: GET HTTP_REFERER: http://wpspandc.com.au/wp-login.php REQUEST_URI: /wp-login.php QUERY_STRING: HTTP_USER_AGENT: Mozilla/5.0 (Linux; U; Android 2.2) AppleWebKit/533.1 (KHTML, like Gecko) Version/4.0 Mobile Safari/533.1
What does this all mean? What on earth is going on? Is my website under attack?
AITpro AdminKeymasterThis is a classic automated Brute force password cracking attack. During the peak of the recent attacks on WordPress and Joomla we were seeing around 5,000 of these log entries per day.
This is a neat plugin – Stealth Login Page – that may be useful to you, but keep in mind that if you have other users that log into your site then you will need to let them know what the secret URL/Query String is to login to the site or if you have general visitor registrations to the site then you will need to let your visitors know where to login. This may not work for your site at all since you have an ecommerce site.
Or of course you can just turn Off your Security Log logging.
WPS P&C AdminParticipantIt’s a bit scary that some hacker in Moscow would want to hack into our dinky little school website, but at least BPS is there blocking them.
Thanks for the info. I will investigate the Stealth Login pluing idea.
AITpro AdminKeymaster99% of all hacking attempts are automated using hacking bots so the size or popularity of a website is not a factor since the hacker bots do not look at something like that. hacking bots are programmed with parameters to search and crawl for and go about their automated business indiscriminately.
-
AuthorPosts
- You must be logged in to reply to this topic.