Godlike Productions - Discussion Forum
Message Subject Huge attack on WordPress sites could spawn never-before-seen super botnet
Poster Handle Anonymous Coward
Post Content
I was monitoring the activity in the last few days and yes - there is a noticeable amount of POST requests to /wp-login.php. The funny part is that most of them are identifying as Windows machines lol :D. The best you can do is to rename wp-login.php to some random thing and restore the filename only when YOU need to log in so they see a "404 not found" instead.

Here are a few (slightly edited) lines from my server:


50.22.*.* - - [12/Apr/2013:07:00:23 +0000] "POST /wp-login.php HTTP/1.1" 200 3671 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:18.0) Gecko/20100101 Firefox/18.0" "-"
50.31.*.* - - [12/Apr/2013:07:01:15 +0000] "POST /wp-login.php HTTP/1.1" 200 3671 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:18.0) Gecko/20100101 Firefox/18.0" "-"
46.165.*.* - - [12/Apr/2013:07:03:16 +0000] "POST /wp-login.php HTTP/1.1" 200 3671 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:18.0) Gecko/20100101 Firefox/18.0" "-"
66.55.*.* - - [12/Apr/2013:07:04:41 +0000] "POST /wp-login.php HTTP/1.1" 200 3671 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:18.0) Gecko/20100101 Firefox/18.0" "-"
204.93.*.* - - [12/Apr/2013:07:07:58 +0000] "GET /wp-login.php HTTP/1.1" 200 2558 "-" "-" "-"
204.93.*.* - - [12/Apr/2013:07:08:11 +0000] "POST /wp-login.php HTTP/1.1" 200 3495 "-" "-" "-"
87.253.*.* - - [12/Apr/2013:07:09:00 +0000] "POST /wp-login.php HTTP/1.1" 200 3671 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:18.0) Gecko/20100101 Firefox/18.0" "-"
72.29.*.* - - [12/Apr/2013:07:11:44 +0000] "POST /wp-login.php HTTP/1.1" 200 3671 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:18.0) Gecko/20100101 Firefox/18.0" "-"
31.210.*.* - - [12/Apr/2013:07:11:45 +0000] "POST /wp-login.php HTTP/1.1" 200 3671 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:18.0) Gecko/20100101 Firefox/18.0" "-"
65.254.*.* - - [12/Apr/2013:07:11:49 +0000] "POST /wp-login.php HTTP/1.1" 200 3671 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:18.0) Gecko/20100101 Firefox/18.0" "-"
207.58.*.* - - [12/Apr/2013:07:13:48 +0000] "POST /wp-login.php HTTP/1.1" 200 3671 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:18.0) Gecko/20100101 Firefox/18.0" "-"
204.93.*.* - - [12/Apr/2013:07:15:10 +0000] "GET /wp-login.php HTTP/1.1" 200 2558 "-" "-" "-"
204.93.*.* - - [12/Apr/2013:07:15:13 +0000] "POST /wp-login.php HTTP/1.1" 200 3495 "-" "-" "-"
---
184.168.*.* - - [12/Apr/2013:07:39:26 +0000] "POST /wp-login.php HTTP/1.1" 200 3671 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:18.0) Gecko/20100101 Firefox/18.0" "-"
66.55.*.* - - [12/Apr/2013:07:40:06 +0000] "POST /wp-login.php HTTP/1.1" 200 3671 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:18.0) Gecko/20100101 Firefox/18.0" "-"
65.60.*.* - - [12/Apr/2013:07:40:06 +0000] "POST /wp-login.php HTTP/1.1" 200 3671 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:18.0) Gecko/20100101 Firefox/18.0" "-"
61.19.*.* - - [12/Apr/2013:07:40:07 +0000] "POST /wp-login.php HTTP/1.1" 200 3671 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:18.0) Gecko/20100101 Firefox/18.0" "-"
209.73.*.* - - [12/Apr/2013:07:41:51 +0000] "GET /wp-login.php HTTP/1.1" 200 2558 "-" "-" "-"
209.73.*.* - - [12/Apr/2013:07:41:55 +0000] "POST /wp-login.php HTTP/1.1" 200 3495 "-" "-" "-"
72.167.*.* - - [12/Apr/2013:07:43:13 +0000] "POST /wp-login.php HTTP/1.1" 200 3671 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:18.0) Gecko/20100101 Firefox/18.0" "-"
93.187.*.* - - [12/Apr/2013:07:43:49 +0000] "POST /wp-login.php HTTP/1.1" 200 3671 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:18.0) Gecko/20100101 Firefox/18.0" "-"
185.15.*.* - - [12/Apr/2013:07:43:50 +0000] "POST /wp-login.php HTTP/1.1" 200 3671 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:18.0) Gecko/20100101 Firefox/18.0" "-"
108.163.*.* - - [12/Apr/2013:07:44:55 +0000] "POST /wp-login.php HTTP/1.1" 200 3671 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:18.0) Gecko/20100101 Firefox/18.0" "-"
210.210.*.* - - [12/Apr/2013:07:44:57 +0000] "POST /wp-login.php HTTP/1.1" 200 3671 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:18.0) Gecko/20100101 Firefox/18.0" "-"
209.73.*.* - - [12/Apr/2013:07:45:10 +0000] "GET /wp-login.php HTTP/1.1" 200 2558 "-" "-" "-"
209.73.*.* - - [12/Apr/2013:07:45:23 +0000] "POST /wp-login.php HTTP/1.1" 200 3495 "-" "-" "-"

and so on...
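
Added example, not part of the original post: a Python sketch of how the pattern in the quoted log lines (many source addresses sending POST /wp-login.php with one identical user agent and response size) can be pulled out of an access log. The sample lines, the addresses, `ExampleAdminBrowser/1.0` and all function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Layout quoted in the post: combined log format plus one trailing quoted field.
LINE_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\d+|-) "[^"]*" "(?P<ua>[^"]*)"'
)
UA = "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:18.0) Gecko/20100101 Firefox/18.0"
TS = "[12/Apr/2013:07:00:23 +0000]"
# Constructed sample lines using documentation address ranges (not the poster's data).
SAMPLE = [
    f'192.0.2.10 - - {TS} "POST /wp-login.php HTTP/1.1" 200 3671 "-" "{UA}" "-"',
    f'198.51.100.7 - - {TS} "POST /wp-login.php HTTP/1.1" 200 3671 "-" "{UA}" "-"',
    f'203.0.113.5 - - {TS} "POST /wp-login.php HTTP/1.1" 200 3671 "-" "{UA}" "-"',
    f'192.0.2.44 - - {TS} "POST /wp-login.php HTTP/1.1" 200 3671 "-" "{UA}" "-"',
    f'192.0.2.10 - - {TS} "POST /wp-login.php HTTP/1.1" 200 3671 "-" "{UA}" "-"',
    f'198.51.100.9 - - {TS} "GET /wp-login.php HTTP/1.1" 200 2558 "-" "-" "-"',
    f'198.51.100.9 - - {TS} "POST /wp-login.php HTTP/1.1" 200 3495 "-" "-" "-"',
    f'203.0.113.200 - - {TS} "POST /wp-login.php HTTP/1.1" 302 0 "-" "ExampleAdminBrowser/1.0" "-"',
    f'203.0.113.200 - - {TS} "GET /index.php HTTP/1.1" 200 5120 "-" "ExampleAdminBrowser/1.0" "-"',
    'truncated or malformed line',
]

def login_posts(lines, path="/wp-login.php"):
    """Yield parsed POSTs to the login path; unparseable lines are skipped."""
    for line in lines:
        m = LINE_RE.match(line)
        if m and m["method"] == "POST" and m["path"].split("?")[0] == path:
            yield m.groupdict()

def distributed_clusters(lines, min_sources=3):
    """Map (user agent, status, size) -> (distinct sources, hits) for fingerprints
    shared by at least min_sources addresses: one tool spread over many hosts."""
    groups = defaultdict(lambda: [set(), 0])
    for rec in login_posts(lines):
        g = groups[(rec["ua"], rec["status"], rec["size"])]
        g[0].add(rec["src"])
        g[1] += 1
    return {k: (len(s), n) for k, (s, n) in groups.items() if len(s) >= min_sources}

def redirected_logins(lines):
    """POSTs answered with 302: by default WordPress redirects after a successful
    login and re-renders the form with 200 after a failed one, so review these."""
    return [(r["src"], r["ua"]) for r in login_posts(lines) if r["status"] == "302"]

if __name__ == "__main__":
    print(distributed_clusters(SAMPLE))
    print(redirected_logins(SAMPLE))
```

Grouping on the response size as well as the user agent separates the two request shapes visible in the quoted log (3671-byte and 3495-byte responses), and the 302 check covers the case a count of attempts alone does not: whether any guess got in.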
 