To use this website fully, you first need to accept the use of cookies. By agreeing to the use of cookies you consent to the use of functional cookies. For more information read this page.

Brute force attacks on my websites

In the last few months since I setup my own server I've been experiencing something I didn't even know might have happened before now.

I'm talking about brute force attacks on each of the websites I host. None of them are at all clever and I've been mitigating these problems recently anyway. 

But before I had root access to my server I had no idea that these attacks happened so often. The last few days I have been blocking several IP addresses from SSH and website visits on the sites I host, but I'm starting to notice a trend.

In fact, this trend relates to a post I made when I first moved to WordPress. I haven't used WordPress for years and I'm happy to say that, because I wasn't a huge fan of WordPress. I ended my WordPress part of my website at the end of 2013 and I haven't looked back. However, my websites are still getting constant requests to access one certain file that doesn't exist. I'm talking about these errors in my Apache error logs:

  • /var/log/apache2/access.log.1:IP_ADDRESS - - [07/Nov/2017:12:38:28 +0000] "GET /wp-login.php HTTP/1.1" 404 28038 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:40.0) Gecko/20100101 Firefox/40.1"
  • /var/log/apache2/error.log.1:[Tue Nov 07 05:37:02.133215 2017] [:error] [pid 30560] [client IP_ADDRESS] script 'wp-login.php' not found or unable to stat

There are hundreds of them! As a result, I've decided since none of my customers or myself use or will use WordPress, I'm going to block all wp-login requests.

If there's one thing you should take from this post, check your logs for the same issue!


There are no comments on this page.

New comment
Powered by DASH 2.0 (beta)
Code previewClose