High server load of wp-login bots

  • redbusiness
    Confirmed User
    • Sep 2008
    • 292

    #1

    High server load of wp-login bots

    Hi

    On my dedicated server I have had massive attacks on my wp-login.php over the last few days, so that I get a massive server load of 50 and more.

    I used plugins like Wordfence, which block IPs that try to log into the WordPress sites with wrong usernames.

    All user names are changed from admin to something else with strong passwords.

    I thought Wordfence with IP blocking would help, but the server load is still high.

    So I tried a plugin which moves wp-login.php to a name I like and puts out an error message on the old wp-login.php.

    But the server load is still high. What can you suggest? Would a .htaccess password protection help more instead of the plugin?

    I would be happy if someone could give me some tips.

    Greets
  • Defiance Inc
    Confirmed User
    • Apr 2008
    • 142

    #2
    Some tips: you could try blocking from your firewall, htaccess, and webserver (this may be too much hassle; I would stick with the first two options).


    • dormeo
      Confirmed User
      • Jul 2014
      • 57

      #3
      Try the Cloudflare WordPress plugin.
      Cloudflare is very good for protecting your site for free.


      • redbusiness
        Confirmed User
        • Sep 2008
        • 292

        #4
        Hi

        Thanks for the info. At the moment we have tried it with the firewall on the server and the htaccess rules for wp-admin, but now it seems that all the attacks are going to index.php and I have no idea why...

        And it seems my server management team can't solve that problem at the moment. So does someone know a good server management service and can recommend someone?

        Greets


        • robwod
          Confirmed User
          • Nov 2005
          • 2540

          #5
          There's some basic information here you can try:

          1st things first: protect your wordpress install against brute force at the very basic level:
          Brute Force Attacks « WordPress Codex

          2nd, unless you use it, just delete xmlrpc.php OR, restrict access to it (see point #1 above to see how to restrict access to specific files)

          3rd, have your sysadmin add a tool such as fail2ban which will count failed access and just block them in a "jail" inside your server's linux firewall. And auto expire them. It will require some tweaking, but it's really effective.

          4th, you can visit the Blocklist site below and download the IP lists of the reported bad ip's in a specific timeframe. These are IP's that were flagged and banned from various fail2ban installations and including everything from brute force wordpress attempts to bruteforce ssh attempts.
          http://www.blocklist.de/en/export.html

          There's certainly other options, but the above should give you a good starting point, and certainly should be something your sysadmin can implement for you. If not, get a new host.
          NSFW


          • redbusiness
            Confirmed User
            • Sep 2008
            • 292

            #6
            Hi Robwod,

            thanks for your tips.

            1. Against brute force on WordPress I have installed Wordfence, which blocks those attempts, and also locked down wp-login.php with a .htaccess.

            2. xmlrpc.php has been blocked by my technicians on the whole server.

            3. fail2ban is already installed on the server, my technicians say.

            What I don't understand is that I now get all attacks directly on the index.php of WordPress. Is there somewhere in WHM where I can see in more detail which file they are trying to attack, so that I can block this more specifically?

            Greets

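An added example, not part of any post in this thread: one way to answer the question in post #6 (which file is being hit, and by which IPs) from the web server access log, using the kind of per-IP counting that post #5 describes for fail2ban. It assumes Apache combined log format; the log lines are constructed, and the function names and the `maxretry`/`findtime` thresholds (named after fail2ban's settings) are illustrative.

```python
import re
from collections import Counter, defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample in Apache "combined" format (documentation IP ranges).
SAMPLE_LOG = """\
192.0.2.10 - - [12/May/2016:10:00:00 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
203.0.113.7 - - [12/May/2016:10:00:01 +0000] "POST /wp-login.php HTTP/1.1" 200 3120 "-" "-"
203.0.113.7 - - [12/May/2016:10:00:03 +0000] "POST /wp-login.php HTTP/1.1" 200 3120 "-" "-"
203.0.113.7 - - [12/May/2016:10:00:05 +0000] "POST /wp-login.php HTTP/1.1" 200 3120 "-" "-"
198.51.100.23 - - [12/May/2016:10:00:06 +0000] "GET /index.php?s=a HTTP/1.1" 200 9050 "-" "-"
198.51.100.23 - - [12/May/2016:10:00:07 +0000] "GET /index.php?s=b HTTP/1.1" 200 9050 "-" "-"
198.51.100.23 - - [12/May/2016:10:00:08 +0000] "POST /xmlrpc.php HTTP/1.1" 403 210 "-" "-"
192.0.2.10 - - [12/May/2016:10:05:00 +0000] "POST /wp-login.php HTTP/1.1" 200 3120 "-" "Mozilla/5.0"
192.0.2.10 - - [12/May/2016:10:10:00 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" \d{3} ')

def parse(log_text):
    """Yield (ip, timestamp, method, path without query string) per valid line."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m is None:
            continue  # skip malformed or non-request lines
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        yield m["ip"], ts, m["method"], m["path"].split("?", 1)[0]

def hits_by_target(log_text):
    """Count requests per (method, path): shows which file is taking the load."""
    return Counter((method, path) for _, _, method, path in parse(log_text))

def offenders(log_text, targets=("/wp-login.php", "/xmlrpc.php"),
              maxretry=3, findtime=timedelta(seconds=60)):
    """IPs with >= maxretry POSTs to the targets inside a sliding findtime window."""
    recent, flagged = defaultdict(deque), set()
    for ip, ts, method, path in parse(log_text):
        if method != "POST" or path not in targets:
            continue
        window = recent[ip]
        window.append(ts)
        while ts - window[0] > findtime:
            window.popleft()  # drop hits older than the window
        if len(window) >= maxretry:
            flagged.add(ip)
    return sorted(flagged)

if __name__ == "__main__":
    print(hits_by_target(SAMPLE_LOG).most_common(), offenders(SAMPLE_LOG))
```

IPs returned by `offenders` are candidates for a firewall or .htaccess block. Request floods against index.php show up only in `hits_by_target`, so they need their own target list or rate limit.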

            • host4porn
              Registered User
              • Sep 2015
              • 66

              #7
              Hello, if you are still having problems, consider changing your host.

              We can definitely help you out at host4porn.com; we have cheap dedicated servers for all needs.

              Contact me back if you are interested. I’m sure you won’t have all those problems with us, thanks to our 24/7 friendly support.

              Expedited Free Setup.
              host4porn
              If its legal its allowed
              ServeYourSite
              Leading provider of adult shared hosting, vps and dedicated servers
              [email protected]
              [email protected]


              • PornoIzle
                Confirmed User
                • May 2016
                • 15

                #8
                Identified the IPs and blocked them in the htaccess. That worked for me.


                • Denny
                  Too lazy to set a custom title
                  • Feb 2005
                  • 17387

                  #9
                  It should be possible to block them via htaccess. You can also ask your host to do it for you.


                  • adentio99
                    So Fucking Banned
                    • Jul 2015
                    • 366

                    #10
                    Where do you have your server? Which host company?


                    • TempleNode
                      Confirmed User
                      • Apr 2014
                      • 38

                      #11
                      Those brute force attacks can be filtered through custom scripts for fail2ban. The IP will be blocked at firewall level so it won't hit the server again.
                      TempleNode.com
                      Tube Script Hosting
                      Server Management
                      █ Email Us: [email protected]
                      █ Skype: templenode


                      • nightslit
                        Confirmed User
                        • Oct 2013
                        • 226

                        #12
                        This is how I solved the problem (I have wordfence installed aside too).

                        https://fr.wordpress.org/plugins/custom-login-url/

                        So I changed my login url to something like mysite.com/Imthefreakingboss and all problems solved as they will not find the url. And if they do you can just change it again...
                        email: [email protected] email me for link trades/hardlink exchanges
                        ICQ : 665974711
                        my sites: http://hardcoreteenfuck.com


                        • clarka77
                          Registered User
                          • May 2016
                          • 8

                          #13
                          They're most likely attacking you because you're using a wordpress site. Try Hide My WP. It's a plugin to hide the fact that you're using wordpress.
                          Clark A | Web Developer
