blog documentation FAQ followers forum marketplace services youtube

solved are these hack attacks and any way to filter them

The Jamroom Network » Forum » Installation and Configuration » Page » are these hack attacks and any way to filter them
soaringeagle
@soaringeagle
9 years ago
3,304 posts
everytime i look at the users online i see attempts to access pages like
/wp-admin/
/wp/wp-admin/
/blog/wp-admin/
having never had a wordpress site on my domain i assume these are randomly generated hack attacks looking for a wp admin login screen to launch a brute force attack on
is there any way at the jr..or server account level to catch these wp-admin attempts and blacklist them

i do have wp sites on the server in diferent account spaces so it cant be a global fix


--
soaringeagle
head dreadhead at dreadlocks site
glider pilot student and member/volunteer coordinator with freedoms wings international soaring for people with disabilities
updated by @soaringeagle: 03/13/15 08:41:22PM
brian
@brian
9 years ago
10,148 posts
soaringeagle:
everytime i look at the users online i see attempts to access pages like
/wp-admin/
/wp/wp-admin/
/blog/wp-admin/
having never had a wordpress site on my domain i assume these are randomly generated hack attacks looking for a wp admin login screen to launch a brute force attack on
is there any way at the jr..or server account level to catch these wp-admin attempts and blacklist them

i do have wp sites on the server in diferent account spaces so it cant be a global fix

Yeah those are just zombie servers "fishing" for new servers to take over. I would just Google it to see if you can block them - I'm not sure how you would do that right now.


--
Brian Johnson
Founder and Lead Developer - Jamroom
https://www.jamroom.net
Clay Gordon
Clay Gordon
@claygordon
9 years ago
733 posts
Did you hear about China doing a DDOS on a security research blog? Rather than just bouncing requests, they redirected the requests to a small number of sites.

I am wondering if, with mod_rewrite or some Apache something, you could redirect the requests to /wp any subdirectory back to the requesting host? The more they ping you the more you ping them back?

If so - I'd be happy to add that to mine as they are not going to go away and as they might be phishing bots they are certainly going to ignore your robots.txt file.
brian
@brian
9 years ago
10,148 posts
thechocolatelife:
Did you hear about China doing a DDOS on a security research blog? Rather than just bouncing requests, they redirected the requests to a small number of sites.

I am wondering if, with mod_rewrite or some Apache something, you could redirect the requests to /wp any subdirectory back to the requesting host? The more they ping you the more you ping them back?

If so - I'd be happy to add that to mine as they are not going to go away and as they might be phishing bots they are certainly going to ignore your robots.txt file.

You definitely do not want to do this (as attractive as it seems) - you're likely to get your server shutdown at the network level by the hosting provider as they will see DOS style traffic coming from your interface. And regardless, you cannot "ping" a single site fast enough from a single interface to actually do anything.


--
Brian Johnson
Founder and Lead Developer - Jamroom
https://www.jamroom.net
Clay Gordon
Clay Gordon
@claygordon
9 years ago
733 posts
Brian -

Not really seriously suggesting it, I know the potential implications. Just a late-night thought that didn't get filtered properly before clicking on post.

Still, fun to think about after all the crazy stuff we have to put up with at the receiving end.

Tags