Jamie Balfour

Welcome to my personal website.

Find out more about me, my personal projects, reviews, courses and much more here.

Brute force attacks on my websites

07Nov2017

In the last few months since I setup my own server I've been experiencing something I didn't even know might have happened before now.

I'm talking about brute force attacks on each of the websites I host. None of them are at all clever and I've been mitigating these problems recently anyway. 

But before I had root access to my server I had no idea that these attacks happened so often. The last few days I have been blocking several IP addresses from SSH and website visits on the sites I host, but I'm starting to notice a trend.

In fact, this trend relates to a post I made when I first moved to WordPress. I haven't used WordPress for years and I'm happy to say that, because I wasn't a huge fan of WordPress. I ended my WordPress part of my website at the end of 2013 and I haven't looked back. However, my websites are still getting constant requests to access one certain file that doesn't exist. I'm talking about these errors in my Apache error logs:

  • /var/log/apache2/access.log.1:IP_ADDRESS - - [07/Nov/2017:12:38:28 +0000] "GET /wp-login.php HTTP/1.1" 404 28038 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:40.0) Gecko/20100101 Firefox/40.1"
  • /var/log/apache2/error.log.1:[Tue Nov 07 05:37:02.133215 2017] [:error] [pid 30560] [client IP_ADDRESS] script 'wp-login.php' not found or unable to stat

There are hundreds of them! As a result, I've decided since none of my customers or myself use or will use WordPress, I'm going to block all wp-login requests.

If there's one thing you should take from this post, check your logs for the same issue!

Posted in Web Development
apache
log
wordpress
wp-login
scam
hack
brute
force
Comments

There are no comments on this page.

New comment

Comments are welcome and encouraged, including disagreement and critique. However, this is not a space for abuse. Disagreement is welcome; personal attacks, harassment, or hate will be removed instantly. This site reflects personal opinions, not universal truths. If you can’t distinguish between the two, this probably isn’t the place for you. The system temporarily stores IP addresses and browser user agents for the purposes of spam prevention, moderation, and safeguarding. This data is automatically removed after fourteen days.

Comments powered by BalfComment

Powered by DASH 2.0
Loading
Code previewClose
!