How I Stopped a Hacker with Wordfence
Thanks Wordfence! I stopped a hacker.
The hacker was using Amazon and Google Cloud platforms to try to hack in.
I could see where he was trying from in the Wordfence Live Traffic:
https://abc.com/wp-admin/admin.php?page=WordfenceTools
Then I was seeing these two forms of links as the Hostname:
c2-13-53-109-34.eu-north-1.compute.amazonaws.com
21.209.143.34.bc.googleusercontent.com
So I reported him at:
https://aws.amazon.com/premiumsupport/knowledge-center/report-aws-abuse/ (or [email protected])
and
https://support.google.com/code/contact/cloud_platform_report?hl=en
I sent in the logs, and reported him to a few other hosting companies that were legitimate.
Then BAM! About 3 days later he quit. They cancelled him. I think he lost a lot of material that was in his account when they cancelled him, and he needed to be able to use the AWS and Google platforms to do his legitimate work – so he voluntarily quit.
Here are some tips if you have to report someone:
Click on “Run Whois” to get the email address to report to.
Source port(s) & protocol(s) – This is the IP where the hacker is attacking from. For example:
ec2-15-207-181-92.ap-south-1.compute.amazonaws.com — has the IP address of —
15.207.181.92
Destination IP(s) – This is the IP address of your website.
Destination port(s) and protocol(s) – For me, this was the links he was trying to hack in through, such as:
https://abc.com/wp-login.php?redirect_to=https%3A%2F%2Fsystembustersparadise.com%2Fwp-admin%2F
https://abc.com/wp-login.php
Thanks again WF!
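Added example, not part of the original post: a small Python helper that recovers the source IP embedded in the two hostname forms quoted above and groups the IPs by the report page the post links to. The hostname patterns are assumptions based on the usual AWS EC2 and Google Cloud reverse-DNS naming; the function names are hypothetical.

```python
import ipaddress
import re

# Report pages as given in the post above.
ABUSE_CONTACTS = {
    "aws": "https://aws.amazon.com/premiumsupport/knowledge-center/report-aws-abuse/",
    "gcp": "https://support.google.com/code/contact/cloud_platform_report?hl=en",
}

# Assumed EC2 form: ec2-A-B-C-D.<region>.compute.amazonaws.com
# (us-east-1 uses ec2-A-B-C-D.compute-1.amazonaws.com, with no region label).
EC2_RE = re.compile(
    r"^ec2-(\d+)-(\d+)-(\d+)-(\d+)\.(?:([a-z0-9-]+)\.compute|compute-1)\.amazonaws\.com\.?$"
)
# Assumed Google Cloud form, octets reversed: D.C.B.A.bc.googleusercontent.com
GCP_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)\.(\d+)\.bc\.googleusercontent\.com\.?$")


def parse_cloud_hostname(hostname):
    """Return provider, embedded IPv4, region and report URL, or None if unrecognised."""
    name = hostname.strip().lower()
    m = EC2_RE.match(name)
    if m:
        provider, octets, region = "aws", m.group(1, 2, 3, 4), m.group(5) or "us-east-1"
    else:
        m = GCP_RE.match(name)
        if not m:
            return None
        provider, octets, region = "gcp", m.group(4, 3, 2, 1), None
    try:
        ip = ipaddress.IPv4Address(".".join(octets))
    except ipaddress.AddressValueError:
        return None  # e.g. an octet above 255
    return {"provider": provider, "ip": str(ip), "region": region,
            "report_to": ABUSE_CONTACTS[provider]}


def group_for_reports(hostnames):
    """Group the recovered IPs by report URL, so each provider gets one report."""
    reports = {}
    for h in hostnames:
        info = parse_cloud_hostname(h)
        if info:
            reports.setdefault(info["report_to"], set()).add(info["ip"])
    return {url: sorted(ips) for url, ips in reports.items()}


if __name__ == "__main__":
    # Hostnames quoted in the post above.
    for h in ("ec2-15-207-181-92.ap-south-1.compute.amazonaws.com",
              "21.209.143.34.bc.googleusercontent.com"):
        print(h, "->", parse_cloud_hostname(h))
```

The hostname is only a hint: the IP Wordfence logged for the request is the value that belongs in the report, so compare the two before sending.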