Same malicious IP attacking two of my websites

  • Resolved Vince992001

    (@vince992001)


    3 years, 9 months ago

    I’ve recently installed WordFence and have been monitoring what it finds.
    I’ve got 5 websites that I manage.

    But I was surprised to see that on two of my separate and unrelated websites, I saw the same IP address trying Brute Force Attacks on both of them, about a half hour apart.

    It seems strange that with all the hackers and all the sites out there, that the same player would be attacking two of my sites.

    Here are screen captures of the two events. in Wordfence.

    image

    I can’t help but think it must be due to a common factor. Three common factors I can think of:
    1. I am the manager.
    2. they both have WordFence.
    3. They are both on GoDaddy hosting.

    I’ve seen this happen at least one other time too in the last two weeks, from a different malicious IP, that time in Virginia.

    Has anyone else experienced this?

    Thanks

    • This topic was modified 3 years, 9 months ago by Vince992001.
    • This topic was modified 3 years, 9 months ago by Vince992001.
Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Support wfphil

    (@wfphil)

    Hi @vince992001

    Brute force login attacks are one of the most common attacks that we see and is normal.

    We see millions of brute force login attempts per hour on WordPress sites protected with Wordfence.

    Here is a blog post explaining why hackers are interested in your site and then steps you can take to keep your admin account protected.

    https://www.wordfence.com/blog/2018/03/ask-wordfence-why-is-an-insignificant-site-like-mine-being-attacked/

    To keep yourself protected please carry out the following if you haven’t already done so:

    1) Make sure all admin accounts and those with high level access. e.g. with publisher access, use a very strong password – WordPress can auto generate a very strong password for you on an account page.

    We recommend that all users with high level access use a password manager such as 1password.com to store their complex passwords that are exceedingly difficult to remember.

    2) Set our recommended brute force protection rules. Instructions are in the link below. You can quickly find these options in the Brute Force Protection section on the All Options page:

    https://www.wordfence.com/help/firewall/brute-force/

    These rules also protect the WordPress XML-RPC interface:

    https://www.wordfence.com/blog/2017/01/xmlrpc-wp-login-brute-force/

    3) Enable two factor authentication for administrators and those with high level access e.g. with publisher access. This feature is on the Login Security page. Instructions are in the link below:

    https://www.wordfence.com/help/tools/two-factor-authentication/

    4) If there are a large amount of login attempts for the same username coming from a large pool of IP addresses then you can also enable the Google reCAPTCHA feature found on the Login Security >> Settings page.

    Plugin Support wfpeter

    (@wfpeter)

    Thread Starter Vince992001

    (@vince992001)

    OK thanks for the info.

    I’ll continue to monitor these.

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Same malicious IP attacking two of my websites’ is closed to new replies.