wp-login.php bruit force attack

  • Bruit force attack on wp-login.php , facing this for the past 3 days. The attack is not from any specific ip.

    sample logs

    93.142.203.126 – – [09/Apr/2013:13:50:26 -0400] “POST /wp-login.php HTTP/1.1” 200 3840 “-” “Mozilla/5.0 (Windows NT 6.2; Win64; x64; rv:16.0.1) Gecko/20121011 Firefox/16.0.1”

    93.142.203.126 – – [09/Apr/2013:13:50:26 -0400] “POST /wp-login.php HTTP/1.1” 200 3840 “-” “Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_2) AppleWebKit/537.17 (KHTML, like Gecko) Chrome/24.0.1309.0 Safari/537.17”

    Herad that most of the hosting providers are facing this issue.

    Any one have solution for this.

Viewing 8 replies - 1 through 8 (of 8 total)

  • Hi,

    For the last 2 days I am also experiencing the same issue, heavy brute force attack to wp-login.php and thereby spiking the server load very high. massive hits from different IPs. The attack is happening intermittently.

    I am in deep trouble now. If somebody have a solution, kindly help me.

    Thank You !
    Mark

    Thread Starter ahsteve

    (@ahsteve)

    All the attacks are from Mozilla product. Looks like they have some security hole in there product which has been exploited.

    Are the logs at your end are showing the same.

    Steve

    I am also facing the same issue in my dedicated server. I can see numerous connections from different IPs to the wordpress admin login page wp-login.php on all the blogs in the server. Can some one suggest a best method to block these connections I would like to get a serverwide fix as it is affecting all the blogs in my server.

    Hi Steve,

    Please see the logs.

    – – [12/Apr/2013:07:48:21 -0400] “POST /wp-login.php HTTP/1.1” 200 3232 “-” “Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.15 (KHTML, like Gecko) Chrome/24.0.1295.0 Safari/537.15”
    – – [12/Apr/2013:07:48:24 -0400] “POST /wp-login.php HTTP/1.1” 200 3232 “-” “Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_2) AppleWebKit/537.17 (KHTML, like Gecko) Chrome/24.0.1309.0 Safari/537.17”
    – – [12/Apr/2013:07:49:18 -0400] “POST /wp-login.php HTTP/1.1” 200 3232 “-” “Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.14 (KHTML, like Gecko) Chrome/24.0.1292.0 Safari/537.14”
    – – [12/Apr/2013:07:49:21 -0400] “POST /wp-login.php HTTP/1.1” 200 3232 “-” “Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)”

    Again I am facing severe attack to all wordpress accounts in the server heading to wp-login.php.

    If anyone know a server wide fix or any latest patches, please help me urgently.

    Thank You !
    Mark

    Thread Starter ahsteve

    (@ahsteve)

    Guys

    The attack is well planned, upon scanning the logs I got more than 30000 attacking ips. They are not repeating and from different locations.

    Steve

    Many hosts are currently experiencing problems due to mass attacks. Yours may be one of them. Try contacting them.

    First step would be to block wp-login.php all together for now. Use htaccess. I am in the middle of going through 30+ WP installs

    Try to uninstall Better WP Security

Viewing 8 replies - 1 through 8 (of 8 total)
  • The topic ‘wp-login.php bruit force attack’ is closed to new replies.