Getting Constant Messages
Hi, I am running 6 WordPress websites, wherein Wordfence is installed on all 6 websites as the primary security plugin. However, for the past 24 hours I have been getting constant mails stating your website was locked after 3 times for 2 of my websites, having the same IP address bearing from Netherlands, Ukraine and a couple more countries, wherein I reside in India. I also extended the time to 30 hours once the account is locked, but it seems I am getting mails in a matter of minutes. Until now I have received 168 mails from Wordfence regarding account locked. FYI, I set a two-way authentication as well using Clef and overrode the URL to a complicated one, but even then I am getting account locked status from Wordfence. What do I do?
And this is all from one IP address?
tim
No, from 191 different IP addresses, and also I see that 1 IP address has more than 5 lockouts. For your reference I will paste the log here.
Why is a large number of attacks taking place on my website within less than 24 hours? I have updated all my plugins, themes and what not!
So, hussainsam, is your question why are you being targeted or is it why is Wordfence sending so many emails?
Sooner or later all websites get attacked and that is usually by a bot or botnet. That’s why we use security plugins. I doubt that you are being picked on specifically.
My gripe with Wordfence is that although I set up the plugin to send a max of 1 email per hour I can get hundreds.
hussainsam,
On the Wordfence Options page, if you set “Maximum email alerts to send per hour” you should receive fewer emails. It is normal for sites to get attacks like this, from multiple IP addresses all over the world, and Wordfence does normally send one for each lockout.
If you did set a limit and it isn’t working, try turning on the option “Disable config caching”, near the bottom of the options page, and save the options. Then check your limit again, and set it again if necessary — normally, config caching makes the site a little faster, but some hosts seem to have trouble with it.
(honeyhill, turning on “Disable config caching” may work for you as well. Sorry we didn’t catch your follow-up post last time!)
-Matt R
Thank you for the reply. I have changed the setting as you’ve mentioned, and manually blocked all 200 IP addresses. It seems like the attack has been temporarily stopped, and also the mails from Wordfence, which is a good sign. Russia and Ukraine are the two specific countries from which a large number of attacks on my website take place. Anyway, the issue is resolved now.
Great, glad to hear it! You will probably still see large attacks like this from time to time, but if the emails are limited so they don’t fill up your inbox, it should generally be ok.
Thanks for the tip WFMattR!
If I get flooded with WF emails again I’ll give this a go. I love WF but I have had to disable it and use other security plugins in the past to get round this!!
And your mention of WF sending an email for each block is interesting but sounds odd nowadays when each attack comes from a different IP. With a virtually unlimited supply of proxies for the hackers we’re just going to get flooded even if it is only one email per attack.
Yes, on some sites it might get to be excessive, especially if the limit is not working! This is usually pretty rare, but if you can let us know if the config caching change (and re-saving your settings) makes a difference for you the next time you have an attack, we may be able to see why it doesn’t work on your host.
On sites that get a lot of attacks, you can also turn off the alerts just for the automatic blocking, if you don’t do anything in reaction to them. If the default alerts get to be excessive for a lot of people, the devs might consider setting an hourly limit by default for the maximum emails.
Thanks!
Hi, I’m getting constant messages too, but what I’m not sure about is this:-
I’ve changed my wp-admin URL.
Do all these messages mean that the bots have found my new admin URL?
6000CALL: Usually the lockout messages are from attempts on wp-login.php which isn’t in the admin folder. You can use other plugins to effectively change the name of wp-login.php too if you want. Some plugins may use files inside wp-admin, so it is also possible that people have found it.
Since this post is already marked resolved, can you create a new post if you have additional questions on this? It helps us keep track of which issues are new, and stays in line with the www.remarpro.com forum rules too. Thanks!
- The topic ‘Getting Constant Messages’ is closed to new replies.
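As an added example (not part of the thread and not Wordfence code), this Python script parses lockout lines in the shape of the log the original poster pasted (`IP username (N lockouts), ...`) and totals them per guessed username, which shows why blocking individual addresses does little against an attack spread over many IPs. The sample log, its documentation-range addresses, the `examplesite` username and the `repeat_threshold` value are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the thread's log shape; addresses are documentation
# ranges and usernames are placeholders, not values from the thread.
SAMPLE_LOG = """\
192.0.2.10 no_matches (1 lockout)
192.0.2.11 admin (1 lockout)
198.51.100.7 examplesite (4 lockouts)
198.51.100.8 administrator (2 lockouts), examplesite (2 lockouts), admin (1 lockout)
203.0.113.5 Admin (2 lockouts)
203.0.113.9 administrator (5 lockouts), examplesite (5 lockouts), admin (6 lockouts)
203.0.113.20
"""

ENTRY = re.compile(r"(\S+) \((\d+) lockouts?\)")

def parse_lockouts(text):
    """Return {ip: {lowercased_username: lockouts}}; lines without entries are skipped."""
    per_ip = {}
    for line in text.splitlines():
        ip, _, rest = line.strip().partition(" ")
        entries = ENTRY.findall(rest)
        if not ip or not entries:
            continue  # e.g. a truncated line holding only an address
        users = per_ip.setdefault(ip, defaultdict(int))
        for name, count in entries:
            users[name.lower()] += int(count)  # fold case: Admin and admin are one guess
    return per_ip

def summarize(per_ip, repeat_threshold=5):
    """Aggregate by username and list the few IPs with many lockouts."""
    by_user = defaultdict(lambda: {"lockouts": 0, "ips": set()})
    for ip, users in per_ip.items():
        for name, count in users.items():
            by_user[name]["lockouts"] += count
            by_user[name]["ips"].add(ip)
    repeat = sorted(ip for ip, u in per_ip.items() if sum(u.values()) >= repeat_threshold)
    return {
        "distinct_ips": len(per_ip),
        # username -> (total lockouts, number of distinct source IPs)
        "by_user": {n: (v["lockouts"], len(v["ips"])) for n, v in by_user.items()},
        "repeat_ips": repeat,
    }

if __name__ == "__main__":
    print(summarize(parse_lockouts(SAMPLE_LOG)))
```

A username with many lockouts spread across many source IPs is a better signal to alert on than any single address, and it also shows whether the guesses include a real account name that should be renamed or protected with a second factor.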