Between 03:31 and 07:17 BST I have had a wave of failed logins on my resellers site. I have WP security installed and set to automatically add any IP with 2 failed log in details to be banned from the site for an hour. This appears to be working as I received 430 odd emails telling me WP Security had locked out another IP.
Normally this wouldn’t bother me but I have WP security configured to only allow access to the wp-login.php script if you know the key, so how is this attacker finding my login script? When I visit it using my browser I get a 404 error.
However my access logs are showing
Why is my install giving out 302 - REDIRECTION - FOUND and even more curious 418 - CLIENT ERROR - Im a teapot
Normally this wouldn’t bother me but I have WP security configured to only allow access to the wp-login.php script if you know the key, so how is this attacker finding my login script? When I visit it using my browser I get a 404 error.
However my access logs are showing
Code:
171.4.251.203 - - [Thu Aug 22 04:33:09 2013] "POST /wp-login.php HTTP/1.0" 418 5 "http://resellersite.net/wp-login.php" "Mozilla/5.0 (Windows NT 6.1; rv:19.0) Gecko/20100101 Firefox/19.0" 223.204.140.68 - - [Thu Aug 22 04:33:14 2013] "POST /wp-login.php HTTP/1.0" 418 5 "http://resellersite.net/wp-login.php" "Mozilla/5.0 (Windows NT 6.1; rv:19.0) Gecko/20100101 Firefox/19.0" 109.162.51.37 - - [Thu Aug 22 04:34:14 2013] "POST /wp-login.php HTTP/1.0" 302 3361 "http://resellersite.net/wp-login.php" "Mozilla/5.0 (Windows NT 6.1; rv:19.0) Gecko/20100101 Firefox/19.0" 2.191.98.121 - - [Thu Aug 22 04:35:30 2013] "POST /wp-login.php HTTP/1.0" 302 3361 "http://resellersite.net/wp-login.php" "Mozilla/5.0 (Windows NT 6.1; rv:19.0) Gecko/20100101 Firefox/19.0"
Comment