• Resolved polyfade

    (@polyfade)


    How are bots/hackers finding my Custom login URL I set up through WP Cerber, and how do I stop this?

    Every 2 failed attempts made, I have the IP blocked for 60 minutes.

    I have the following WP Cerber options enabled:

    – Stop user enumeration
    – Protect admin scripts
    – Disable XML-RPC
    – Disable feeds
    – Disable REST API
    – Block direct access to wp-login.php and return HTTP 404 Not Found Error
    – Immediately block IP when attempting to login with a non-existent username
    – Disable automatic redirecting to the login page when /wp-admin/ is requested by an unauthorized request
    – My site is behind a reverse proxy (Because I’m using Cloudflare)

    I’m not using any SEO plugin which would make that page visible, indexed or followed via search. I’m also using the default Twenty Seventeen theme. In addition, I have the WordPress Reading option enabled – Discourage search engines from indexing this site. I also run the free version of Sucuri Security alongside WP Cerber.

    I’m also getting many hackers probing for vulnerable PHP code. The URL strings usually look like this:

    https://mysite.com/ogPipe.aspx?name=https://www.ntdtv.com/

    • This topic was modified 7 years, 1 month ago by polyfade.
    • This topic was modified 7 years, 1 month ago by Andrew Nevins.
Viewing 4 replies - 1 through 4 (of 4 total)
  • Plugin Author gioni

    (@gioni)

    Hi!

    How do you know that they have found your Custom login URL? Do they try to log in by using it?

    No worries, probing for vulnerable PHP code is pretty normal nowadays. There are millions of infected/hacked mobile devices and PCs out there.

    Thread Starter polyfade

    (@polyfade)

    @gioni Yes, they do try to log into it through my custom URL. “Attempt to log in with prohibited username.” Attempts to log in to the custom URL happen many times per day.

    Currently, I use this domain as a testing sandbox. There’s like a total of 2 pages. No one else but me knows the custom URL.

    The site is hosted with Fastcomet.com, but the DNS is pointed at Cloudflare.

    A snapshot of the last 24 hrs:
    184 Malicious activities mitigated
    0 Spam comments denied
    0 Spam form submissions denied
    86 Malicious IP addresses detected
    83 Lockouts occurred

    I’ve also encountered this issue with other sites using WP Cerber. But, since those are higher traffic sites on different servers with multiple users, I thought maybe it was more susceptible to this kind of problem.

    BTW, I’ve run a thorough scan on my Mac for any kind of malware, but Bitdefender returned nothing.

    • This reply was modified 7 years, 1 month ago by polyfade.
    Thread Starter polyfade

    (@polyfade)

    A complete oversight on my part. I’m embarrassed to say, I didn’t bother looking at the theme since I use this WP environment for testing. But, when logged out, in the sidebar, there is a meta widget which includes the login link. Doh!

    • This reply was modified 7 years, 1 month ago by polyfade.
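
The cause found in the reply above (a sidebar Meta widget that shows the login link to logged-out visitors) can be checked for mechanically. The following is an added example, not code from the thread or from WP Cerber: it scans the HTML served to logged-out visitors for same-site links that expose the login path. `LOGIN_SLUG` and `SAMPLE_HTML` are constructed placeholders.

```python
# Added example: find links in logged-out page HTML that reveal a hidden login URL.
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

SITE = "https://mysite.com/"        # site root as written in the thread
LOGIN_SLUG = "my-secret-login"      # hypothetical custom login slug (assumption)

# Constructed sample: a sidebar Meta widget as a logged-out visitor would receive it.
SAMPLE_HTML = """
<aside class="widget widget_meta"><h2>Meta</h2><ul>
  <li><a href="/my-secret-login/">Log in</a></li>
  <li><a href="https://mysite.com/sample-page/">Sample Page</a></li>
  <li><a href="https://wordpress.org/">WordPress.org</a></li>
</ul></aside>
"""

class LinkCollector(HTMLParser):
    """Collect (tag, attribute, absolute URL) for every URL-bearing attribute."""
    URL_ATTRS = {"href", "src", "action"}

    def __init__(self, base):
        super().__init__()
        self.base = base
        self.links = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in self.URL_ATTRS and value:
                self.links.append((tag, name, urljoin(self.base, value)))

def find_login_leaks(html, base=SITE, slug=LOGIN_SLUG):
    """Return same-site links whose path or query exposes the login path."""
    parser = LinkCollector(base)
    parser.feed(html)
    host = urlsplit(base).netloc.lower()
    needles = (slug.lower(), "wp-login.php")
    leaks = []
    for tag, attr, url in parser.links:
        parts = urlsplit(url)
        if parts.netloc.lower() != host:
            continue  # links to other sites do not point at our login page
        if any(n in (parts.path + "?" + parts.query).lower() for n in needles):
            leaks.append((tag, attr, url))
    return leaks

if __name__ == "__main__":
    for leak in find_login_leaks(SAMPLE_HTML):
        print("login path exposed:", leak)
```

Feed it the HTML of each public page, fetched without a session cookie, so the result reflects what an anonymous crawler sees.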
    Plugin Author gioni

    (@gioni)

    Yep, these things happen. ˉ\_(ツ)_/ˉ

  • The topic ‘Hackers finding custom login URL’ is closed to new replies.