great solution to april 2013 botnet attacks

  • After much hunting for a plugin-based solution I finally found this. It will easily let you obscure your login page so these attacks won’t have a chance to slow your server down. I suppose the server has a small overhead when dealing with the redirect for requests for the default login URL but that must be much lower than having to serve the login page and bounce incorrect logins (and track IPs of incorrect logins). It allows you to redirect all requests to the default login page while preserving requests that add a short configurable code to the login URL.

Viewing 4 replies - 1 through 4 (of 4 total)
  • Plugin Contributor peterdog

    (@peterdog)

    Thanks for the review!

    I do recommend still using Limit Login Attempts along with it because there is a way to bypass the login page entirely and I have yet to find a plugin that closes that hole, but I am ACTIVELY looking for a way to do just that.

    Thread Starter helloari

    (@helloari)

    i use “better wordpress security” and that includes login limits.

    do you have any idea if this current attack bypasses the login page? i think it doesn’t but of course it could morph anytime.

    since it’s essentially a DDoS attack it’s hard to really fix the problem in terms of a core update.

    Plugin Contributor peterdog

    (@peterdog)

    It might not be this attack that bypasses it, but I have a few that still get caught by Limit Login Attempts, so that means they are attempting to log in without being able to find my login form URL.

    I’m hesitant to say how they are doing it, but I’m aware and testing different solutions, but haven’t found one yet.

    Thread Starter helloari

    (@helloari)

    well, if you figure it out then I sure hope you get your solution into core.

    be careful, it’s a jungle out there.

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘great solution to april 2013 botnet attacks’ is closed to new replies.