Worthwhile to contact owner of hostname from login attempt?

  • Do you think it is useful to attempt to notify the owner of a hostname which has attempted login to your WordPress – to tell them that their host is being used in WordPress login attacks or possibly DDoS attacks as a member of a botnet?

    I ask because I don’t know if those hostnames listed on WP Cerber’s Activity tab can be spoofed. Is it absolutely certain those are the true hostnames from which the login attacks originated?

    If so, then maybe I will try to contact the owner sometimes. It’s not feasible to contact all of them, but it would be interesting to see where it takes me. I have visited the host of a few listed in mine and occasionally found old personal WordPress blogs.

    Actually I wonder if WP Cerber could include an option to send an email to the WHOIS contact for the hostname – either as a manual action (user must click a button) or automatic upon some criteria. But maybe that could be abused as well. So probably the manual option is best to start with.

    By the way, thanks for this wonderful plugin. It really does a great job filling a big need in default WordPress.

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Author gioni

    (@gioni)

    I think that sending email notifications to WHOIS email contact is not good idea. It can be treated as unsolicited email (SPAM) because we don’t know for sure what is going on a specific host.

    But it’s absolutely reasonable to send that abuse letter to an abuse email address of a network owner (ISP, hosting provider). In the vast majority cases this email address is present in the WHOIS data, which you see when you click on an IP address on the Activity tab. And yes, you can get it done automatically right now by using jetFlow.io automation scenario. Cerber will start scenario with every lockouts and obtain abuse contact from WHOIS data then send abuse email there.

    Let me know if you want to get detailed explanations.

    Thread Starter HikingMike

    (@hikingmike)

    Ok thanks, good to know that.

    What if I posted a comment to the wordpress blog I found there? (It seems like a normal person, but the site is not very active.) Maybe that person will investigate their site or inform their host.

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Worthwhile to contact owner of hostname from login attempt?’ is closed to new replies.

Tags