Am I Under Attack?

08/16/2014 12:16:04 PM

Another attack came just now. I don’t know what I did wrong to my brothers. I will just say: Brother, I’m a very poor guy and can’t afford to spend time on repairs.

I’m saying sorry IF I DID ANYTHING wrong to you. Please don’t put my site under attack again. You almost got me!

Lesson Learned:

Never ever use the “admin” username for the admin account. I haven’t used “admin” for about 3 years now, but looking at the log I’m surprised that the most used user name is “admin”.

Many, many, many thanks to Daniel Convissor for his great work on LSS. The attack (talking about a single IP in a row) was started by:

36.44.58.201 - - [15/Aug/2014:20:04:41 -0400] "GET /?author=1 HTTP/1.1" 301 5 "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.17 (KHTML, like Gecko) Chrome/24.0.1312.57 Safari/537.17"

which looks for user id = 1. I think we can do something to randomize the admin name for our regular users, who love WordPress every day like we do.
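To find this kind of lookup in your own access log, the following added example (not code from the post or from the LSS plugin) scans combined-format log lines for `?author=<number>` requests and groups them by client IP. The function names are hypothetical; the first sample line is the one quoted above and the rest are constructed.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Combined Log Format: ip ident user [time] "METHOD target PROTO" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

SAMPLE_LOG = [
    # Line quoted in the post
    '36.44.58.201 - - [15/Aug/2014:20:04:41 -0400] "GET /?author=1 HTTP/1.1" 301 5 "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.17 (KHTML, like Gecko) Chrome/24.0.1312.57 Safari/537.17"',
    # Constructed lines using documentation IP ranges
    '198.51.100.7 - - [15/Aug/2014:20:05:02 -0400] "GET /?author=2 HTTP/1.1" 404 512 "-" "curl/7.30.0"',
    '198.51.100.7 - - [15/Aug/2014:20:05:03 -0400] "GET /?author=3 HTTP/1.1" 404 512 "-" "curl/7.30.0"',
    '192.0.2.10 - - [15/Aug/2014:20:06:10 -0400] "GET /?p=42 HTTP/1.1" 200 8231 "-" "Mozilla/5.0"',
    '192.0.2.10 - - [15/Aug/2014:20:06:11 -0400] "GET /?s=author=1 HTTP/1.1" 200 900 "-" "Mozilla/5.0"',
]

def find_author_probes(lines):
    """Return {ip: [(time, author_id, status), ...]} for ?author=N requests."""
    probes = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not in the expected log format
        # Parse the query string properly so "?s=author=1" (a search) is not a hit
        query = parse_qs(urlsplit(m["target"]).query)
        for value in query.get("author", []):
            if value.isdigit():
                probes[m["ip"]].append((m["time"], int(value), int(m["status"])))
    return dict(probes)

def redirected_ips(probes):
    """IPs that got a 301/302 back: WordPress redirected them to the author
    archive URL, which contains that user's name slug."""
    return sorted(ip for ip, hits in probes.items()
                  if any(status in (301, 302) for _, _, status in hits))

if __name__ == "__main__":
    found = find_author_probes(SAMPLE_LOG)
    for ip, hits in found.items():
        print(ip, [(author, status) for _, author, status in hits])
    print("received a redirect:", redirected_ips(found))
```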

07/07/2014 12:16:04 PM

Who are you? I have nothing much here, just a start-up.

Your website, Rezaur’s Development Network, is undergoing a brute force attack.

There have been at least 50 failed attempts to log in during the past 120 minutes that used one or more of the following components:

Component                    Count    Value from Current Attempt
------------------------     -----    --------------------------------
Network IP                      50    88.236.113.*
Username                        9    admin1
Password MD5                    2    8b4bed1763adf2681776dfc1dafb0bd0

The most recent attempt came from the following IP address: 88.236.113.229

The Login Security Solution plugin (0.44.0) for WordPress is repelling the attack by making their login failures take a very long time.  This attacker will also be denied access in the event they stumble upon valid credentials.

Further notifications about this attacker will only be sent if the attack stops for at least 120 minutes and then resumes