Just got notifications of several log in attempts to my site as admin - GoFuckYourself.com

ravenazrael · 09-10-2015, 07:44 PM

I am getting a lot of notifications from these spammers
192.99.154.24
77.247.181.162

they are using TOR.. what should I do.. SO far 50 trials with different IPs all appear as blocked by google

jscott · 09-10-2015, 09:29 PM

are they hitting your login.php page (wordpress) or some other login page? You can ask your host to password protect that login page.

mikesouth · 09-10-2015, 10:03 PM

I get them at least once a day I cant protect my login page because I have members that comment and that wouldnt really be conducive The first thing you want to do is make sure that if the admin account exists it doesnt have admin privileges just ordinary ones that way if they do manage to brute force it it doesnt get them anything if you have wordpress by all means run wordfence.

there are some php and some apache stuff to weed out some proxies...google it

if ya need more help hit me up via email

Paz · 09-10-2015, 11:55 PM

You can get a list of tor IP's here and block them;
https://check.torproject.org/cgi-bin/TorBulkExitList.py

The list is very dynamic though I pull a fresh my list every 15 mins.

klinton · 09-11-2015, 01:31 AM

use wordpress plugins, like: captcha on wp-login and bruteprotect

JuicyBunny · 09-11-2015, 01:50 AM

Quote:

Originally Posted by ravenazrael

I am getting a lot of notifications from these spammers
192.99.154.24
77.247.181.162

they are using TOR.. what should I do.. SO far 50 trials with different IPs all appear as blocked by google

Familiar IPs. We get a lot from UA, CN, KR, HK and ID cause of the content.
Get Word-Fence plug in or Fail2Ban

Got our first from a TOR exit IP recently as well.

ravenazrael · 09-11-2015, 02:53 AM

Hellog guys, thanks. I already have wordfence. Good idea about the admin privileges.
Mike, I will be contacting for sure if I need more guidance! thanks!!

I used to get one or two every dat, but yesterday 50 different Ips (each was lock oit after 20 attempts) really made me wonder was going on

freecartoonporn · 09-11-2015, 12:53 PM

rename login.php to somethign else.,

suesheboy · 09-11-2015, 01:17 PM

Quote:

Originally Posted by freecartoonporn

rename login.php to somethign else.,

Step 1 is this.

Never use defaults is always step 1 on an install, step 2 is to keep records of what you change them to.

NaughtyVisions · 09-11-2015, 02:19 PM

I use wordfence and the user locker plugin. User Locker automatically locks an account with too many failed login attempts, and it can't be restored unless another administrator removes the lock.

Plus you can manually lock accounts, so the first thing I do is create "admin" to set up my wordpress, then create a different user name with administrator privileges; log into the new account, and lock and disable "admin."

Rob · 09-11-2015, 02:28 PM

Quote:

Originally Posted by freecartoonporn

rename login.php to somethign else.,

This. Bury that mother fucker deep into some sub-directory. 99% of the time they don't do this shit manually. They search for defaults and go from there. If your login.php is located somewhere else, or you don't even have an admin directory, they'll go somewhere else.

wehateporn · 09-11-2015, 02:31 PM

candyflip · 09-11-2015, 02:51 PM

I manage a blog for someone who creates Paleo cookbooks and is a NYT Best Seller. The blog gets about 75-100k visitors on any given day.

I use WordFence and get notifications when people attempt to login. It happens all day long, 24/7.

anexsia · 09-11-2015, 04:33 PM

I only allow my IP through to wp-login.php and deny everyone else so they can't even see the page let alone attempt to bruteforce.

09-10-2015, 07:44 PM	#1
ravenazrael Confirmed User Industry Role: Join Date: Nov 2011 Location: montreal Posts: 588	Just got notifications of several log in attempts to my site as admin I am getting a lot of notifications from these spammers 192.99.154.24 77.247.181.162 they are using TOR.. what should I do.. SO far 50 trials with different IPs all appear as blocked by google __________________ www.boobsrealm.com www.bestboobscams.com

09-10-2015, 10:03 PM	#3
mikesouth Confirmed User Industry Role: Join Date: Jun 2003 Location: My High Horse Posts: 6,346	I get them at least once a day I cant protect my login page because I have members that comment and that wouldnt really be conducive The first thing you want to do is make sure that if the admin account exists it doesnt have admin privileges just ordinary ones that way if they do manage to brute force it it doesnt get them anything if you have wordpress by all means run wordfence. there are some php and some apache stuff to weed out some proxies...google it if ya need more help hit me up via email __________________ Mike South It's No wonder I took up drugs and alcohol, it's the only way I could dumb myself down enough to cope with the morons in this biz.

09-11-2015, 02:53 AM	#7
ravenazrael Confirmed User Industry Role: Join Date: Nov 2011 Location: montreal Posts: 588	Hellog guys, thanks. I already have wordfence. Good idea about the admin privileges. Mike, I will be contacting for sure if I need more guidance! thanks!! I used to get one or two every dat, but yesterday 50 different Ips (each was lock oit after 20 attempts) really made me wonder was going on __________________ www.boobsrealm.com www.bestboobscams.com

09-11-2015, 12:53 PM	#8
freecartoonporn Confirmed User Industry Role: Join Date: Jan 2012 Location: NC Posts: 7,683	rename login.php to somethign else., __________________ SSD Cloud Server, VPS Server, Simple Cloud Hosting \| DigitalOcean

09-11-2015, 02:19 PM	#10
NaughtyVisions Confirmed User Join Date: May 2008 Location: Pennsylvania Posts: 4,204	I use wordfence and the user locker plugin. User Locker automatically locks an account with too many failed login attempts, and it can't be restored unless another administrator removes the lock. Plus you can manually lock accounts, so the first thing I do is create "admin" to set up my wordpress, then create a different user name with administrator privileges; log into the new account, and lock and disable "admin." __________________ Online strip gaming with sexy gamer girls Best thing I ever signed up for: Quality Razors, Cheap Price

09-10-2015, 09:29 PM	#2
jscott So Fucking Banned Industry Role: Join Date: Feb 2001 Location: Taipei Posts: 25,198	are they hitting your login.php page (wordpress) or some other login page? You can ask your host to password protect that login page.

09-10-2015, 11:55 PM	#4
Paz Confirmed User Industry Role: Join Date: Jun 2012 Posts: 457	You can get a list of tor IP's here and block them; https://check.torproject.org/cgi-bin/TorBulkExitList.py The list is very dynamic though I pull a fresh my list every 15 mins.

09-11-2015, 01:31 AM	#5
klinton So Fucking Banned Industry Role: Join Date: Apr 2003 Location: online Posts: 8,766	use wordpress plugins, like: captcha on wp-login and bruteprotect

09-11-2015, 02:31 PM	#12
wehateporn Promoting Debate on GFY Industry Role: Join Date: Apr 2007 Posts: 27,173	__________________ Sexy Girls Teasing

09-11-2015, 02:51 PM	#13
candyflip Carpe Visio Industry Role: Join Date: Jul 2002 Location: New York Posts: 43,052	I manage a blog for someone who creates Paleo cookbooks and is a NYT Best Seller. The blog gets about 75-100k visitors on any given day. I use WordFence and get notifications when people attempt to login. It happens all day long, 24/7. __________________ Spend you some brain. Email Me

09-11-2015, 04:33 PM	#14
anexsia Confirmed User Industry Role: Join Date: May 2010 Posts: 5,735	I only allow my IP through to wp-login.php and deny everyone else so they can't even see the page let alone attempt to bruteforce.