When they try to crack your WP pw daily and think you don't know - GoFuckYourself.com

Bladewire · 04-19-2017, 12:11 PM

You know we're just creating a list of your IP's to honeytrap right?

What do you guys do when you see this?

awxm · 04-19-2017, 12:29 PM

Use a limit login attempt plugin or hide your wp-login.php/wp-admin or both. Not really anything to worry about as long as you use a strong pass and keep everything updated. It's more a nuisance screwing up server logs.

You can pentest your own site with WPScan and see what info your site is leaking i.e plugin/user enumeration

Markul · 04-19-2017, 12:56 PM

WP fence

Miguel T · 04-19-2017, 01:09 PM

All my wp-login / wp-admin/* is behind htaccess.
Then, if multiple attemps are failed, CSF takes care of blocking in iptables.

Bladewire · 04-19-2017, 02:51 PM

Quote:

Originally Posted by Zuzana Miguel

All my wp-login / wp-admin/* is behind htaccess.
Then, if multiple attemps are failed, CSF takes care of blocking in iptables.

After so many failed attempts mine are documented and blocked, then they come back 24 hours later with new IP's

JuicyBunny · 04-19-2017, 08:18 PM

Quote:

Originally Posted by Bladewire

After so many failed attempts mine are documented and blocked, then they come back 24 hours later with new IP's

Boot them for longer periods of time.

I think some of their intent is to have sites labeled as spammy to the SE's. You know, artificially inflating bounce rates. We found some that are hitting page after page of non-existent users, non-existent pages.

One was interesting though. They placed their affiliate code for a program we promote, to one of our domains and kept searching for that link. It was easy to find out who they are and report to SE's. 'The Google', lol, hates serp manipulators.

Current wave is being blamed on compromised routers. Do you agree?

Miguel T · 04-19-2017, 09:03 PM

Quote:

Originally Posted by Bladewire

After so many failed attempts mine are documented and blocked, then they come back 24 hours later with new IP's

Make wp-login and wp-admin folder, IP restricted

This is what I had to do on a few feeder blogs of mine. They kept getting hit by bruteforce attacks and comments spammers.

JuicyBunny · 04-19-2017, 09:16 PM

Quote:

Originally Posted by Zuzana Miguel

Make wp-login and wp-admin folder, IP restricted

This is what I had to do on a few feeder blogs of mine. They kept getting hit by bruteforce attacks and comments spammers.

Smart answer. Asking host to do this now. If I could give you board rep I would!

Matt 26z · 04-19-2017, 09:18 PM

I'll get in eventually.

Bladewire · 04-19-2017, 09:26 PM

Quote:

Originally Posted by Zuzana Miguel

Make wp-login and wp-admin folder, IP restricted

This is what I had to do on a few feeder blogs of mine. They kept getting hit by bruteforce attacks and comments spammers.

Thanks for the tip

We're documenting their IP's and regulating how many times they can attempt login everyday. It's a side curiosity and when I get more time to go through the data I'll share it.

Thanks again

dillfly2000 · 04-19-2017, 09:33 PM

Yeah people are bastards, sight unseen, they don't think they're doing anything wrong. They usually just use the excuse "I'm testing the security". The real problem is when it's mostly kids/teens doing this shit.

Bladewire · 04-19-2017, 09:35 PM

Quote:

Originally Posted by dillfly2000

Yeah people are bastards, sight unseen, they don't think they're doing anything wrong. They usually just use the excuse "I'm testing the security". The real problem is when it's mostly kids/teens doing this shit.

The number of amoral people who are willing to do the wrong thing if they think they wont get caught is astounding.

04-19-2017, 12:11 PM	#1
Bladewire StraightBro Industry Role: Join Date: Aug 2003 Location: Monarch Beach, CA USA Posts: 56,229	When they try to crack your WP pw daily and think you don't know You know we're just creating a list of your IP's to honeytrap right? What do you guys do when you see this?

04-19-2017, 01:09 PM	#4
Miguel T ♦ Web Developer ♦ Industry Role: Join Date: May 2005 Location: Full-Stack Developer Posts: 12,470	All my wp-login / wp-admin/* is behind htaccess. Then, if multiple attemps are failed, CSF takes care of blocking in iptables. __________________ Full Stack Webdeveloper: HTML5/CSS3, jQuery, AJAX, ElevatedX, NATS, MechBunny, Wordpress

04-19-2017, 09:33 PM	#11
dillfly2000 hey Industry Role: Join Date: Mar 2012 Location: with you Posts: 2,209	Yeah people are bastards, sight unseen, they don't think they're doing anything wrong. They usually just use the excuse "I'm testing the security". The real problem is when it's mostly kids/teens doing this shit. __________________ Chaturbate Affiliate

04-19-2017, 12:29 PM	#2
awxm Confirmed User Industry Role: Join Date: Aug 2009 Posts: 819	Use a limit login attempt plugin or hide your wp-login.php/wp-admin or both. Not really anything to worry about as long as you use a strong pass and keep everything updated. It's more a nuisance screwing up server logs. You can pentest your own site with WPScan and see what info your site is leaking i.e plugin/user enumeration

04-19-2017, 12:56 PM	#3
Markul Likes Pie Industry Role: Join Date: Dec 2007 Location: The land that liberated porn Posts: 12,401	WP fence

04-19-2017, 09:18 PM	#9
Matt 26z So Fucking Banned Industry Role: Join Date: Apr 2002 Location: ¤ª"˜¨๑۩۞۩๑¨˜"ª¤ Posts: 18,481	I'll get in eventually.