Confused wp-login.php hackers

A few days ago I created a solution to block wp-login.php brute-force attacks. After I deployed it on several sites, the logs filled up with a new phenomenon.

Confused hackers, knowing that the site runs on the WordPress platform, try to find out whether the wp-login.php file has been moved somewhere. They actually scan all possible combinations of paths on the site. Luckily this doesn't hit the server's resources as hard as a brute-force attack does. It's much easier to return a 404 than to process erroneous credentials, which requires touching the database server.

Here is a snippet from the log:

50.63.54.154 - - [22/May/2015:09:22:10 +0300] "GET /tag/therm-a-rest/wp-login.php HTTP/1.0" 404 24068 "-" "-"
50.63.54.154 - - [22/May/2015:09:22:11 +0300] "GET /tag/therm-a-rest/administrator/index.php HTTP/1.0" 301 532 "-" "-"
50.63.54.154 - - [22/May/2015:09:22:12 +0300] "GET /2015/02/winter-night-virginity/feed/wp-login.php HTTP/1.0" 404 24068 "-" "-"
50.63.54.154 - - [22/May/2015:09:22:13 +0300] "GET /2015/02/winter-night-virginity/feed/administrator/index.php HTTP/1.0" 301 551 "-" "-"
50.63.54.154 - - [22/May/2015:09:22:14 +0300] "GET /2015/02/two-nights/feed/wp-login.php HTTP/1.0" 404 24068 "-" "-"
50.63.54.154 - - [22/May/2015:09:22:15 +0300] "GET /2015/02/two-nights/feed/administrator/index.php HTTP/1.0" 301 539 "-" "-"
50.63.54.154 - - [22/May/2015:09:22:16 +0300] "GET /2015/01/no-ceiling/wp-login.php HTTP/1.0" 404 24068 "-" "-"
50.63.54.154 - - [22/May/2015:09:22:17 +0300] "GET /2015/01/no-ceiling/administrator/index.php HTTP/1.0" 301 534 "-" "-"
50.63.54.154 - - [22/May/2015:09:22:18 +0300] "GET /category/preparation/feed/wp-login.php HTTP/1.0" 404 24068 "-" "-"
50.63.54.154 - - [22/May/2015:09:22:19 +0300] "GET /category/preparation/feed/administrator/index.php HTTP/1.0" 301 541 "-" "-"
50.63.54.154 - - [22/May/2015:09:22:19 +0300] "GET /tag/two-nights/feed/wp-login.php HTTP/1.0" 404 24068 "-" "-"
50.63.54.154 - - [22/May/2015:09:22:20 +0300] "GET /tag/two-nights/feed/administrator/index.php HTTP/1.0" 301 535 "-" "-"
50.63.54.154 - - [22/May/2015:09:22:21 +0300] "GET /tag/kuopio/feed/wp-login.php HTTP/1.0" 404 24068 "-" "-"
50.63.54.154 - - [22/May/2015:09:22:22 +0300] "GET /tag/kuopio/feed/administrator/index.php HTTP/1.0" 301 531 "-" "-"
50.63.54.154 - - [22/May/2015:09:22:23 +0300] "GET /tag/nilsia/feed/wp-login.php HTTP/1.0" 404 24068 "-" "-"
50.63.54.154 - - [22/May/2015:09:22:24 +0300] "GET /tag/nilsia/feed/administrator/index.php HTTP/1.0" 301 531 "-" "-"
50.63.54.154 - - [22/May/2015:09:22:25 +0300] "GET /tag/mikkeli/feed/wp-login.php HTTP/1.0" 404 24068 "-" "-"
50.63.54.154 - - [22/May/2015:09:22:25 +0300] "GET /tag/mikkeli/feed/administrator/index.php HTTP/1.0" 301 532 "-" "-"
50.63.54.154 - - [22/May/2015:09:22:26 +0300] "GET /tag/jetboil/feed/wp-login.php HTTP/1.0" 404 24068 "-" "-"
50.63.54.154 - - [22/May/2015:09:22:27 +0300] "GET /tag/jetboil/feed/administrator/index.php HTTP/1.0" 301 532 "-" "-"
50.63.54.154 - - [22/May/2015:09:22:28 +0300] "GET /tag/stove/feed/wp-login.php HTTP/1.0" 404 24068 "-" "-"
50.63.54.154 - - [22/May/2015:09:22:29 +0300] "GET /tag/stove/feed/administrator/index.php HTTP/1.0" 301 530 "-" "-"

This doesn't have a strong effect on the server's memory usage, whereas under heavy attacks the server swaps many times. Disk usage is still the same because of logging. But I want to believe that the hackers, after searching unsuccessfully, will remove my server from their lists to stop wasting their resources. Then these log entries will also come to an end.

The hackers seem to have a script that also checks for Joomla Administrator logins. The solution I wrote about in a previous post will also work for Joomla and other platforms that have widely known login paths.
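
The scanning pattern in the log above can be detected automatically. The following is an added example, not code from the original post: it parses combined-format access log lines and reports clients that request a WordPress or Joomla login file under several different parent directories. The function name, the threshold of three directories and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Login endpoints named in the post: WordPress and Joomla.
LOGIN_SUFFIXES = ("/wp-login.php", "/administrator/index.php")

# Combined log format: ip ident user [time] "METHOD path PROTO" status ...
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (\S+) [^"]*" \d{3} ')

def find_login_path_scanners(lines, min_distinct_parents=3):
    """Return {ip: sorted parent paths} for clients that probed a login
    file under at least min_distinct_parents non-root directories."""
    parents = defaultdict(set)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed or truncated lines
        ip, path = m.group(1), m.group(2).split("?", 1)[0]
        for suffix in LOGIN_SUFFIXES:
            if path.endswith(suffix):
                parent = path[: -len(suffix)]
                # A request for the root-level login file is not path scanning.
                if parent:
                    parents[ip].add(parent)
                break
    return {ip: sorted(p) for ip, p in parents.items()
            if len(p) >= min_distinct_parents}

# Constructed sample lines in the same format as the log snippet above.
SAMPLE_LOG = [
    '203.0.113.7 - - [22/May/2015:09:22:10 +0300] "GET /tag/example-a/wp-login.php HTTP/1.0" 404 24068 "-" "-"',
    '203.0.113.7 - - [22/May/2015:09:22:11 +0300] "GET /tag/example-a/administrator/index.php HTTP/1.0" 301 532 "-" "-"',
    '203.0.113.7 - - [22/May/2015:09:22:12 +0300] "GET /2015/02/example-b/feed/wp-login.php HTTP/1.0" 404 24068 "-" "-"',
    '203.0.113.7 - - [22/May/2015:09:22:13 +0300] "GET /category/example-c/feed/wp-login.php HTTP/1.0" 404 24068 "-" "-"',
    '198.51.100.20 - - [22/May/2015:09:23:01 +0300] "GET /wp-login.php HTTP/1.1" 200 2310 "-" "Mozilla/5.0"',
    '198.51.100.20 - - [22/May/2015:09:23:05 +0300] "GET /tag/example-a/ HTTP/1.1" 200 18022 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, dirs in find_login_path_scanners(SAMPLE_LOG).items():
        print(f"{ip} probed login files under {len(dirs)} directories: {dirs}")
```

The returned addresses can feed whatever blocking mechanism is already in place, which also stops the requests from filling the access log.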
