amuck-landowner

WordPress Brute force log

Munzy

Active Member
Last night I was alerted to one of my WordPress sites being brute forced. After realizing this, I began to try and play with the bot and see what I could get it to do.

I tried redirects (didn't work).

I increased the size of wp-login.php to a very large file (did work).

However, finally after messing around with it enough I thought it might be cool to see what it was trying and how it was trying to get into my WordPress.

Here is the following log: https://cdn.content-network.net/Mun/25_Aug_2014-WP-Brute-Force.txt

time | IP Address [port] : post contents

I also noticed with this bot a bit down into the log that it tried a different user based on my site's name.

Enjoy
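
A log in the "time | IP Address [port] : post contents" layout above can be summarized per source IP and per attempted username. The following is an added example, not part of the original post: the sample lines, the timestamp format and the `site_name` / `real_logins` parameters are assumptions, and `log` / `pwd` are the wp-login.php form field names.

```python
import re
from collections import Counter
from urllib.parse import parse_qs

# Constructed sample in the "time | IP Address [port] : post contents" layout.
# Timestamp format, addresses and credentials are made up for illustration.
SAMPLE_LOG = """\
2014-08-25 01:12:03 | 192.0.2.10 [51234] : log=admin&pwd=123456&wp-submit=Log+In
2014-08-25 01:12:04 | 192.0.2.10 [51240] : log=admin&pwd=password&wp-submit=Log+In
2014-08-25 01:12:09 | 198.51.100.7 [40022] : log=examplesite&pwd=examplesite123&wp-submit=Log+In
2014-08-25 01:12:11 | 192.0.2.10 [51302] : log=Admin&pwd=qwerty&wp-submit=Log+In
this line is damaged and should be skipped
"""

LINE_RE = re.compile(
    r"^(?P<time>[^|]+?)\s*\|\s*(?P<ip>\S+)\s*\[(?P<port>\d+)\]\s*:\s*(?P<body>.*)$"
)

def parse_line(line):
    """Return (ip, username) for one log line, or None if it does not parse."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    # "log" is the username field of the wp-login.php form; the password
    # field ("pwd") is deliberately not kept in the summary.
    fields = parse_qs(m.group("body"), keep_blank_values=True)
    return m.group("ip"), fields.get("log", [""])[0].lower()

def summarize(log_text, site_name, real_logins):
    """Count attempts per IP and username; flag site-name and real-login guesses."""
    per_ip, per_user, skipped = Counter(), Counter(), 0
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec is None:
            skipped += 1
            continue
        ip, user = rec
        per_ip[ip] += 1
        per_user[user] += 1
    real = {name.lower() for name in real_logins}
    return {
        "per_ip": dict(per_ip),
        "per_user": dict(per_user),
        "site_name_guesses": sorted(u for u in per_user if site_name.lower() in u),
        "real_logins_targeted": sorted(u for u in per_user if u in real),
        "skipped": skipped,
    }
```

A non-empty `real_logins_targeted` means the bot already knows an actual login name, which is the point where renaming that account or adding rate limiting matters most.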
 

HalfEatenPie

The Irrational One
Retired Staff
Yeah mine gets hammered quite frequently too. 

Funny thing though, every once in a while I do get a CC IP or a CVPS IP trying to brute force into it (an abuse e-mail is usually sent and no response is given)

They try all these weird names as well. I mean you know how in WordPress you can set up your nicknames to show up on your blog, therefore they try to enter using that nickname (whereas the actual login name is totally different). It's just an interesting thing to see.

But yeah, just make sure your security is up and you're good.  
 

nunim

VPS Junkie
.. They try all these weird names as well. I mean you know how in WordPress you can set up your nicknames to show up on your blog, therefore they try to enter using that nickname (whereas the actual login name is totally different). It's just an interesting thing to see...
Attackers can obtain the login-name for any author quite easily, additionally if they use index.php?author=1 they'll get the admin user as almost everyone leaves this as an admin user.
 

HalfEatenPie

The Irrational One
Retired Staff
Attackers can obtain the login-name for any author quite easily, additionally if they use index.php?author=1 they'll get the admin user as almost everyone leaves this as an admin user.
Yep that's why you either change it up or get those security plugins that do it all for ya ;)
 