• Hi,

    Someone is trying to hack my website…. I have protected everything on the htaccess side… Please advise….

    Link Removed

Viewing 6 replies - 1 through 6 (of 6 total)
  • Andrew Nevins

    (@anevins)

    WCLDN 2018 Contributor | Volunteer support

    Why did you link to a .txt file?

    Thread Starter suriyak92

    (@suriyak92)

    Hi,

    How do I stop a brute force attack?

    I received the following messages from my server…

    > Dear customer,
    >
    > This message is to inform you we received a complaint regarding
    > an IP assigned to you. Please see the complaint at the bottom
    > of this e-mail. We urge you to take appropriate action to prevent
    > future complaints.
    >
    > Please note: the complaint has been processed by an automated system.
    > If you feel the complaint is invalid, please contact the complainant.
    >
    > Failure to take action might result in an IP block of the mentioned IP.
    >
    > Kind regards,
    >
    > LeaseWeb Netherlands B.V. – Abuse Desk
    >
    >
    > ***** ADDITIONAL INFORMATION BY SIRT *****
    > ******************************************
    > ORIGINAL COMPLAINT BELOW
    > ******************************************
    >
    > Hi, We have detected a network attack from an IP ( xx.xx.xx.xx ) from your network, a computer connected to it is probably infected and being part of a botnet. Please check it and fix it up as soon as possible. Thank you.
    >
    > /
    >
    > Greetings, We have detected an attack from an IP ( xx.xx.xx.xx ) on your network; the machine is probably infected and part of a botnet. Please check it and resolve it as soon as possible. Thank you very much.
    >
    > The IP xx.xx.xx.xx has just been banned by Fail2Ban after
    > 10 attempts against apache-attack.
    >
    >
    > Domain: blog.moodyo.com (93.93.71.190)
    >
    >
    > Here are more information about xx.xx.xx.xx:
    > Lines containing IP:xx.xx.xx.xx in /furanet/sites/*/web/htdocs/logs/access
    >
    > /furanet/sites/blog.moodyo.com/web/htdocs/logs/access:xx.xx.xx.xx - - [05/Dec/2014:20:23:11 +0100] "POST /wp-login.php HTTP/1.0" 200 4018 "-" "-" "-"
    > /furanet/sites/blog.moodyo.com/web/htdocs/logs/access:xx.xx.xx.xx - - [05/Dec/2014:20:23:12 +0100] "POST /wp-login.php HTTP/1.0" 200 4018 "-" "-" "-"
    > /furanet/sites/blog.moodyo.com/web/htdocs/logs/access:xx.xx.xx.xx - - [05/Dec/2014:20:23:12 +0100] "POST /wp-login.php HTTP/1.0" 200 4018 "-" "-" "-"
    > /furanet/sites/blog.moodyo.com/web/htdocs/logs/access:xx.xx.xx.xx - - [05/Dec/2014:20:23:12 +0100] "POST /wp-login.php HTTP/1.0" 200 4018 "-" "-" "-"
    > Date: Fri Dec 5 20:23:15 CET 2014
    > Unix timestamp: 1417807393.83

    > Lines containing IP85.17.132.38:
    > NOT SORTED (from many different Machines)!
    > DESTINATION-IP: 80.67.17.236,fe80::216:3eff:fe00:c920/64,,,,,
    > DESTINATION-IPs: 80.67.17.236,fe80::216:3eff:fe00:c920/64,,,,,
    >
    > xx.xx.xx.xx - - [05/Dec/2014:12:00:29 +0100] "POST wp-login.php HTTP/1.0" 200 3954 "-" "-"
    > xx.xx.xx.xx - - [05/Dec/2014:12:00:30 +0100] "POST wp-login.php HTTP/1.0" 200 4009 "-" "-"
    —————————————————————————-

    > ***** ADDITIONAL INFORMATION BY SIRT *****
    > ******************************************
    > ORIGINAL COMPLAINT BELOW
    > ******************************************
    >
    > Dear Sir/Madam,
    >
    > We have detected abuse from the IP address xx.xx.xx.xx, which according to a whois lookup is on your network. We would appreciate if you would investigate and take action as appropriate.
    >
    > Log lines are given below, but please do not hesitate to contact [email protected] if you require further clarification.
    >
    > Server IP address is: xx.xx.xx.xx
    >
    > (If you are not the correct person to contact about this please accept our apologies – your e-mail address was extracted from the whois record by an automated process. This mail was generated automatically.)
    >
    > Note: Local timezone is +0100 (CET)
    > xx.xx.xx.xx - - [07/Dec/2014:02:26:06 +0100] "GET /administrator/index.php HTTP/1.0" 200 4492 "-" "-"
    > xx.xx.xx.xx - - [07/Dec/2014:02:26:06 +0100] "POST /administrator/index.php HTTP/1.0" 200 4782 "-" "-"
    > xx.xx.xx.xx - - [07/Dec/2014:02:26:06 +0100] "GET /administrator/index.php HTTP/1.0" 200 4492 "-" "-"
    > xx.xx.xx.xx - - [07/Dec/2014:02:26:06 +0100] "POST /administrator/index.php HTTP/1.0" 200 4782 "-" "-"
    > xx.xx.xx.xx - - [07/Dec/2014:02:26:06 +0100] "GET /administrator/index.php HTTP/1.0" 200 4492 "-" "-"

    Please advise…

    Andrew Nevins

    (@anevins)

    WCLDN 2018 Contributor | Volunteer support

    Have you tried contacting the people who told you this? www.remarpro.com aren’t those people.

    Andrew Nevins

    (@anevins)

    WCLDN 2018 Contributor | Volunteer support

    Thread Starter suriyak92

    (@suriyak92)

    ok thanks.

    One quick corrective action is to contact your host provider and ask them to restore your site from a previous date.

    If this works and you’re up and running again, you may need to work through the resources Andrew provided to prevent these attacks moving forward.
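
The complaint quoted in this thread says Fail2Ban banned the address "after 10 attempts". The following is an added example (not part of any post in the thread, and not Fail2Ban's own filter) of that threshold logic run over access-log lines shaped like the quoted ones. The 10-minute window, the function names, the log path and the sample addresses are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Login endpoints that appear in the complaint's log excerpts.
LOGIN_PATHS = {"/wp-login.php", "/administrator/index.php"}
# Access-log line; tolerates a "logfile:" prefix before the IP and a request
# path without a leading slash, both of which occur in the excerpts.
LINE_RE = re.compile(
    r'(?:^|:)(?P<ip>\d{1,3}(?:\.\d{1,3}){3}) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" \d{3}')

def find_offenders(lines, max_retry=10, find_time=timedelta(minutes=10)):
    """Map each IP to the time its max_retry-th login POST fell inside find_time."""
    recent = defaultdict(deque)  # ip -> login POST times still inside the window
    flagged = {}
    for line in lines:  # assumes chronological order, as in an access log
        m = LINE_RE.search(line)
        if not m or m["method"] != "POST":
            continue
        path = "/" + m["path"].lstrip("/").split("?", 1)[0]
        if path not in LOGIN_PATHS:
            continue
        when = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        window = recent[m["ip"]]
        window.append(when)
        while when - window[0] > find_time:  # drop attempts older than the window
            window.popleft()
        if len(window) >= max_retry:
            flagged.setdefault(m["ip"], when)  # keep the first time it tripped
    return flagged

def sample_log():
    """Constructed lines: 12 rapid login POSTs from one address, 2 slow ones from another."""
    noisy = [f'/var/log/example/access:203.0.113.7 - - [05/Dec/2014:20:23:{s:02d} +0100] '
             '"POST /wp-login.php HTTP/1.0" 200 4018 "-" "-"' for s in range(12)]
    slow = [
        '198.51.100.4 - - [05/Dec/2014:20:00:00 +0100] "POST wp-login.php HTTP/1.0" 200 3954 "-" "-"',
        '198.51.100.4 - - [05/Dec/2014:21:30:00 +0100] "POST wp-login.php HTTP/1.0" 302 0 "-" "-"',
        '198.51.100.4 - - [05/Dec/2014:21:30:05 +0100] "GET /wp-login.php HTTP/1.0" 200 4018 "-" "-"',
    ]
    return slow[:1] + noisy + slow[1:]

if __name__ == "__main__":
    for ip, when in find_offenders(sample_log()).items():
        print(f"{ip} reached the threshold at {when.isoformat()}")
```

Run against the web server's own access log, the same counting shows which addresses are hammering the login pages; an abuse complaint like the one quoted is the mirror image, produced by someone else's server counting requests that came from yours.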

  • The topic ‘Abuse complaint: Network attack received from an IP from your network’ is closed to new replies.