Search

Recent Posts

Tags


« | Main | »

WordPress – BotNet Login Hacking Attacks

By Dale Reagan | May 11, 2012

So, why should you use login restrictions or a Login monitor (plugin or other solution) for your WordPress site?

Just one reason – from one day of web logs for one domain – there were no successful logins during this ‘attack’.

5/9/2012

 Fail | Start/Stop | IP address | GeoIP Info
 -----|-------------------|-----------------|----------------------------------------
  1.    1 | 00:33:53/00:33:53 | 94.73.YYY.234   | RU, 39, Krasnoyarsk, N/A, 56.009701
  2. 1294 | 14:12:14/14:13:49 | 69.175.YYY.42  | US, IL, Chicago, 60661, 41.882500
  3. 1294 | 14:13:12/14:14:55 | 173.236.YYY.74 | US, IL, Chicago, N/A, 41.867500review your server logs for errors
  4. 1294 | 14:26:15/14:27:30 | 199.127.YYY.3  | US, FL, Miami
  5. 1287 | 15:27:53/15:31:37 | 66.55.YYY.98   | US, GA, Atlanta, 30356, 33.800400
  6. 1289 | 15:28:46/15:32:14 | 184.168.YYY.180 | US, AZ, Scottsdale, 85260, 33.611900
  7. 1292 | 15:29:45/15:31:29 | 174.121.YYY.185 | US, TX, Houston, 77002, 29.752300
  8. 1202 | 15:35:34/15:36:21 | 64.14.YYY.185  | US, MA, Waltham, 02451, 42.403000
  9. 1294 | 16:17:42/16:23:45 | 93.114.YYY.97  | RO, 13, Cluj-napoca, N/A, 46.766701
 10. 1294 | 17:06:35/17:09:53 | 173.247.YYY.100 | US, CA, Santa Monica, 90405, 34.011902

Total: 11541 [failed login attempts...]

Note that IP addresses have been obscured (a bit) but I would not be surprised if matches are found for many WordPress sites…

Some steps that you can take to secure WordPress include:

  1. restrict access using WordPress plugins (a simple and usually effective approach)
  2. restrict access using Apache & .htaccess (require/only allow login from specific IP addresses)
  3. restrict using mod_geoip (you can limit access by Country/City/Zip)
  4. restrict access using mod_security (many options/approaches)

The BEST solution: limit login access to only Good_IP_Addresses.

 

Topics: Problem Solving, System and Network Security, Web Technologies, Wordpress Software | Comments Off on WordPress – BotNet Login Hacking Attacks

Comments are closed.


________________________________________________
YOUR GeoIP Data | Ip: 73.21.121.1
Continent: NA | Country Code: US | Country Name: United States
Region: | State/Region Name: | City:
(US only) Area Code: 0 | Postal code/Zip:
Latitude: 38.000000 | Longitude: -97.000000
Note - if using a mobile device your physical location may NOT be accurate...
________________________________________________

Georgia-USA.Com - Web Hosting for Business
____________________________________