redbusiness

Hi

On my defiacted server I have the last days massive attacks of my wp-login.php, that I get a massive server load from 50 and more.

I used plugins like wordfence which are IPs blocking which want to loginto the WordPress sites with wrong usernames.

All user names are changed from admin to something else with strong passwords.

I thought would fence with blocking IPS would help, but the server load is till high.

So o tried a plugin which will move the wp.login.php to a name I like and puts out an error message on the old wp-login.php

But the server load is still high. What can you suggest me? Would a .htaccess password protection help more instead of the plugin?

Would be happy when someone can give me some tips.

Greets

Defiance Inc

Some tips you could try blocking..
from your firewall, htaccess, and webserver (this maybe too much hassle, I would stick with the first two options).

__________________

dormeo

Try cloudflare wordpress plugin.
Cloudflare is very good for protect your site for Free.

redbusiness

Hi

thanks for the infos. At moment we tried it with the firewall on the server and the htaccess rules for the wp-admin, but now seems that all the attacks are going to the index.php and i have no idea why...

And my server management team seems that they dont can solve that problem at moment. So does someone knows a good server management service and recoomend someone?

Greets

robwod

There's some basic information here you can try:

1st things first: protect your wordpress install against brute force at the very basic level:
Brute Force Attacks « WordPress Codex

2nd, unless you use it, just delete xmlrpc.php OR, restrict access to it (see point #1 above to see how to restrict access to specific files)

3rd, have your sysadmin add a tool such as fail2ban which will count failed access and just block them in a "jail" inside your server's linux firewall. And auto expire them. It will require some tweaking, but it's really effective.

4th, you can visit the Blocklist site below and download the IP lists of the reported bad ip's in a specific timeframe. These are IP's that were flagged and banned from various fail2ban installations and including everything from brute force wordpress attempts to bruteforce ssh attempts.
http://www.blocklist.de/en/export.html

There's certainly other options, but the above should give you a good starting point, and certainly should be something your sysadmin can implement for you. If not, get a new host.

__________________
NSFW

redbusiness

Hi Robwod,

thanks for your tips.

1. Against brute fore on wordpress i have installed Wordfence which blocks that attempts and also locked down the wp-login.php with a .htaccess.

2. xmlrpc.php has been blocked by my technicans on the whole server

3. fail2ban is already installed on the server, my technicans say.

What i dont understand is, that i get now all attacks directly on the index.php of wordpress. Is there somewhere in WHM a possibility where i can see it more detailed which file they try to attack? So that i can block this more specific?

Greets

host4porn

Hello if you are still having problems consider changing your host.

We can definitely help you out at host4porn.com we have cheap dedicated servers for all needs.

Contact me back if you are interested I’m sure you won’t have all those problems with us thanks to our 24/7 friendly support.

Expedited Free Setup.

__________________
host4porn
If its legal its allowed
ServeYourSite
Leading provider of adult shared hosting, vps and dedicated servers
[email protected]
[email protected]

PornoIzle

Identifies the Ips and blocked in the htaccess. That worked for me.

Denny

It should be possible to block them via htaccess. You can also ask your host to do it for you.

__________________

adentio99

Where do you have your server ? Which host company ?

TempleNode

Those brute force attacks can be filter through custom scripts for fail2ban. The ip will be blocked at firewall level so it won't hit again the server.

__________________
█ TempleNode.com
█ Tube Script Hosting
█ Server Management
█ Email Us: [email protected]
█ Skype: templenode

nightslit

This is how I solved the problem (I have wordfence installed aside too).

https://fr.wordpress.org/plugins/custom-login-url/

So I changed my login url to something like mysite.com/Imthefreakingboss and all problems solved as they will not find the url. And if they do you can just change it again...

__________________
email: [email protected] email me for link trades/hardlink exchanges
ICQ : 665974711
my sites: http://hardcoreteenfuck.com

clarka77

They're most likely attacking you because you're using a wordpress site. Try Hide My WP. It's a plugin to hide the fact that you're using wordpress.

__________________
Clark A | Web Developer