Possible flaw in 1.7.1 facilitating DoS
I’m getting DoS’d (4 times on one site), and I’m seeing evidence of another brewing on another site.
Here’s a strange chronology on a DoS I experienced this morning. Notice the time stamps on the emails. Appears to be a two-thread process attacking very close to the same time, and exceeding the limit I set for failed logins.
WordPress
2 failed login attempts (0 lockout(s)) from IP: 176.53.65.71 Last user attemp…
11:04 AM (6 hours ago)
WordPress
2 failed login attempts (0 lockout(s)) from IP: 176.53.65.71 Last user attemp…
11:04 AM (6 hours ago)

At that point, it looks like the Zombie gave up, for 4 hours, then started trying login connections as fast as it could. By the time I was able to get the IP block into .htaccess, this IP had hit my host several thousand times.
WordPress
9 failed login attempts (3 lockout(s)) from IP: 176.53.65.71 Last user attemp…
3:04 PM (2 hours ago)
WordPress
9 failed login attempts (3 lockout(s)) from IP: 176.53.65.71 Last user attemp…
3:04 PM (2 hours ago)
WordPress
9 failed login attempts (3 lockout(s)) from IP: 176.53.65.71 Last user attemp…
3:04 PM (2 hours ago)
WordPress
2 failed login attempts (0 lockout(s)) from IP: 176.53.65.71 Last user attemp…
3:04 PM (2 hours ago)

I have a honeypot user called “admin” with a very long random password. “admin” also has NO access to anything at all. It would be really cool if you could modify LLA to detect an attempt to log into a honeypot address and add that IP to the .htaccess deny list immediately.
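The honeypot idea requested in the post above, as an added example (not part of the original post and not Limit Login Attempts code): a small plugin that hooks WordPress's `wp_login_failed` action and writes a deny rule for any IP that tries a honeypot username. The constant and function names are hypothetical, and it assumes Apache 2.4, a writable `.htaccess`, and that `REMOTE_ADDR` is the real client address.

```php
<?php
/*
 * Plugin Name: Honeypot login block (added example)
 * Not part of Limit Login Attempts. Assumes Apache 2.4 (mod_authz_core),
 * a writable .htaccess, and that REMOTE_ADDR is the real client address
 * (behind a proxy or CDN it would be the proxy, which must not be blocked).
 */

// Hypothetical names: usernames no real person ever logs in with.
const HP_USERS  = array( 'admin' );
const HP_MARKER = 'Honeypot Block';

add_action( 'wp_login_failed', 'hp_block_on_honeypot_login' );

function hp_block_on_honeypot_login( $username ) {
	if ( ! in_array( strtolower( trim( (string) $username ) ), HP_USERS, true ) ) {
		return; // ordinary failure: leave it to the lockout plugin
	}
	$ip = filter_var( $_SERVER['REMOTE_ADDR'] ?? '', FILTER_VALIDATE_IP );
	if ( false === $ip ) {
		return; // never write an unvalidated value into .htaccess
	}

	require_once ABSPATH . 'wp-admin/includes/file.php'; // get_home_path()
	require_once ABSPATH . 'wp-admin/includes/misc.php'; // *_markers()
	$htaccess = get_home_path() . '.htaccess';

	// Recover the addresses already in our marker block, then add this one.
	$blocked = array();
	foreach ( extract_from_markers( $htaccess, HP_MARKER ) as $line ) {
		if ( preg_match( '/^\s*Require not ip (\S+)\s*$/', $line, $m ) ) {
			$blocked[ $m[1] ] = true;
		}
	}
	if ( isset( $blocked[ $ip ] ) ) {
		return; // already denied
	}
	$blocked[ $ip ] = true;

	// Rewrite the whole block so the <RequireAll> container stays well-formed.
	$rules = array( '<RequireAll>', 'Require all granted' );
	foreach ( array_keys( $blocked ) as $addr ) {
		$rules[] = 'Require not ip ' . $addr;
	}
	$rules[] = '</RequireAll>';
	insert_with_markers( $htaccess, HP_MARKER, $rules );
}
```

Because the rule is enforced by Apache, later requests from the blocked address are refused before PHP or WordPress runs, which is what keeps a flood of login attempts from loading the site.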