|
When they try to crack your WP pw daily and think you don't know
You know we're just creating a list of your IP's to honeytrap right? :1orglaugh:1orglaugh
What do you guys do when you see this? |
Use a limit login attempt plugin or hide your wp-login.php/wp-admin or both. Not really anything to worry about as long as you use a strong pass and keep everything updated. It's more a nuisance screwing up server logs.
You can pentest your own site with WPScan and see what info your site is leaking i.e plugin/user enumeration |
WP fence
|
All my wp-login / wp-admin/* is behind htaccess.
Then, if multiple attemps are failed, CSF takes care of blocking in iptables. |
Quote:
|
Quote:
I think some of their intent is to have sites labeled as spammy to the SE's. You know, artificially inflating bounce rates. We found some that are hitting page after page of non-existent users, non-existent pages. One was interesting though. They placed their affiliate code for a program we promote, to one of our domains and kept searching for that link. It was easy to find out who they are and report to SE's. 'The Google', lol, hates serp manipulators. Current wave is being blamed on compromised routers. Do you agree? |
Quote:
This is what I had to do on a few feeder blogs of mine. They kept getting hit by bruteforce attacks and comments spammers. |
Quote:
|
I'll get in eventually.
|
Quote:
We're documenting their IP's and regulating how many times they can attempt login everyday. It's a side curiosity and when I get more time to go through the data I'll share it. Thanks again :thumbsup |
Yeah people are bastards, sight unseen, they don't think they're doing anything wrong. They usually just use the excuse "I'm testing the security". The real problem is when it's mostly kids/teens doing this shit.
|
Quote:
|
| All times are GMT -7. The time now is 03:23 AM. |
Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2025, vBulletin Solutions, Inc.
©2000-, AI Media Network Inc123