High server load of wp-login bots
Hi
On my dedicated server I have had massive attacks on my wp-login.php over the last days, so that I get a massive server load of 50 and more. I used plugins like Wordfence, which block IPs that want to log into the WordPress sites with wrong usernames. All user names are changed from admin to something else, with strong passwords. I thought Wordfence with IP blocking would help, but the server load is still high. So I tried a plugin which moves the wp-login.php to a name I like and puts out an error message on the old wp-login.php. But the server load is still high. What can you suggest? Would a .htaccess password protection help more instead of the plugin? Would be happy if someone can give me some tips. Greets |
Some tips you could try: blocking
from your firewall, htaccess, and webserver (this may be too much hassle, I would stick with the first two options). |
Try the Cloudflare WordPress plugin.
Cloudflare is very good for protecting your site for free. |
Hi
Thanks for the info. At the moment we have tried it with the firewall on the server and the htaccess rules for the wp-admin, but now it seems that all the attacks are going to the index.php and I have no idea why... And it seems my server management team can't solve that problem at the moment. So does someone know a good server management service and can recommend someone? Greets |
There's some basic information here you can try:
1st things first: protect your wordpress install against brute force at the very basic level: Brute Force Attacks « WordPress Codex

2nd, unless you use it, just delete xmlrpc.php OR, restrict access to it (see point #1 above to see how to restrict access to specific files)

3rd, have your sysadmin add a tool such as fail2ban which will count failed access and just block them in a "jail" inside your server's linux firewall. And auto expire them. It will require some tweaking, but it's really effective.

4th, you can visit the Blocklist site below and download the IP lists of the reported bad IPs in a specific timeframe. These are IPs that were flagged and banned from various fail2ban installations and including everything from brute force wordpress attempts to bruteforce ssh attempts.

http://www.blocklist.de/en/export.html

There's certainly other options, but the above should give you a good starting point, and certainly should be something your sysadmin can implement for you. If not, get a new host. |
Hi Robwod,
Thanks for your tips.

1. Against brute force on WordPress I have installed Wordfence, which blocks those attempts, and also locked down the wp-login.php with a .htaccess.

2. xmlrpc.php has been blocked by my technicians on the whole server.

3. fail2ban is already installed on the server, my technicians say.

What I don't understand is that I now get all attacks directly on the index.php of WordPress. Is there somewhere in WHM a possibility where I can see in more detail which file they try to attack? So that I can block this more specifically? Greets |
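Added example (not written by any poster in this thread): one way to see which file is being hit and by which IPs is to summarize the web server access log. This sketch assumes the Apache/nginx "combined" log format; the sample lines, the `summarize` function and the threshold are constructed for illustration.

```python
import re
from collections import Counter

# Combined log format: ip ident user [time] "METHOD path proto" status size ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)

# Constructed sample lines using documentation-range IPs, not data from the thread.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Mar/2025:15:01:02 -0700] "POST /wp-login.php HTTP/1.1" 200 3312 "-" "-"
203.0.113.7 - - [10/Mar/2025:15:01:03 -0700] "POST /wp-login.php HTTP/1.1" 200 3312 "-" "-"
203.0.113.7 - - [10/Mar/2025:15:01:04 -0700] "POST /wp-login.php HTTP/1.1" 403 199 "-" "-"
198.51.100.23 - - [10/Mar/2025:15:01:05 -0700] "GET /index.php?s=a1 HTTP/1.1" 200 9120 "-" "-"
198.51.100.23 - - [10/Mar/2025:15:01:05 -0700] "GET /index.php?s=a2 HTTP/1.1" 200 9120 "-" "-"
198.51.100.23 - - [10/Mar/2025:15:01:06 -0700] "GET /index.php?s=a3 HTTP/1.1" 200 9120 "-" "-"
198.51.100.23 - - [10/Mar/2025:15:01:06 -0700] "GET /index.php?s=a4 HTTP/1.1" 200 9120 "-" "-"
198.51.100.23 - - [10/Mar/2025:15:01:07 -0700] "POST /xmlrpc.php HTTP/1.1" 403 199 "-" "-"
192.0.2.10 - - [10/Mar/2025:15:01:08 -0700] "GET / HTTP/1.1" 200 5120 "-" "-"
this line is not in combined format and is skipped
"""

def summarize(lines, threshold=3):
    """Return (hits per path, hits per (ip, path), IPs with >= threshold hits on one path)."""
    by_path, by_ip_path = Counter(), Counter()
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # ignore anything that does not parse
        # Drop the query string so randomized parameters still group under one file.
        path = m["path"].split("?", 1)[0]
        by_path[path] += 1
        by_ip_path[(m["ip"], path)] += 1
    noisy = sorted({ip for (ip, _), n in by_ip_path.items() if n >= threshold})
    return by_path, by_ip_path, noisy

if __name__ == "__main__":
    paths, pairs, noisy = summarize(SAMPLE_LOG.splitlines())
    print("Most requested files:")
    for path, n in paths.most_common(5):
        print(f"  {n:5d}  {path}")
    print("Heaviest IP/file pairs:")
    for (ip, path), n in pairs.most_common(5):
        print(f"  {n:5d}  {ip}  {path}")
    print("Candidates for a firewall or fail2ban block:", ", ".join(noisy))
```

To run it on real data, pass the lines of the site's access log to `summarize` instead of `SAMPLE_LOG`, and check the flagged addresses before blocking them.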
Hello if you are still having problems consider changing your host.
We can definitely help you out at host4porn.com we have cheap dedicated servers for all needs. Contact me back if you are interested I’m sure you won’t have all those problems with us thanks to our 24/7 friendly support. Expedited Free Setup. |
Identified the IPs and blocked them in the htaccess. That worked for me.
|
It should be possible to block them via htaccess. You can also ask your host to do it for you.
|
Where do you have your server? Which host company?
|
Those brute force attacks can be filtered through custom scripts for fail2ban. The IP will be blocked at firewall level so it won't hit the server again.
|
This is how I solved the problem (I have wordfence installed aside too).
https://fr.wordpress.org/plugins/custom-login-url/ So I changed my login url to something like mysite.com/Imthefreakingboss and all problems solved as they will not find the url. And if they do you can just change it again... |
They're most likely attacking you because you're using a wordpress site. Try Hide My WP. It's a plugin to hide the fact that you're using wordpress.
|