Message Subject: Huge attack on WordPress sites could spawn never-before-seen super botnet
Poster Handle: Anonymous Coward
Post Content:
I was monitoring the activity in the last few days and yes - there is a noticeable amount of POST requests to /wp-login.php. The funny part is that most of them are identifying as Windows machines lol :D. The best you can do is to rename wp-login.php to some random thing and restore the filename only when YOU need to log in so they see a "404 not found" instead.
Here are a few (slightly edited) lines from my server:
50.22.*.* - - [12/Apr/2013:07:00:23 +0000] "POST /wp-login.php HTTP/1.1" 200 3671 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:18.0) Gecko/20100101 Firefox/18.0" "-"
50.31.*.* - - [12/Apr/2013:07:01:15 +0000] "POST /wp-login.php HTTP/1.1" 200 3671 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:18.0) Gecko/20100101 Firefox/18.0" "-"
46.165.*.* - - [12/Apr/2013:07:03:16 +0000] "POST /wp-login.php HTTP/1.1" 200 3671 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:18.0) Gecko/20100101 Firefox/18.0" "-"
66.55.*.* - - [12/Apr/2013:07:04:41 +0000] "POST /wp-login.php HTTP/1.1" 200 3671 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:18.0) Gecko/20100101 Firefox/18.0" "-"
204.93.*.* - - [12/Apr/2013:07:07:58 +0000] "GET /wp-login.php HTTP/1.1" 200 2558 "-" "-" "-"
204.93.*.* - - [12/Apr/2013:07:08:11 +0000] "POST /wp-login.php HTTP/1.1" 200 3495 "-" "-" "-"
87.253.*.* - - [12/Apr/2013:07:09:00 +0000] "POST /wp-login.php HTTP/1.1" 200 3671 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:18.0) Gecko/20100101 Firefox/18.0" "-"
72.29.*.* - - [12/Apr/2013:07:11:44 +0000] "POST /wp-login.php HTTP/1.1" 200 3671 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:18.0) Gecko/20100101 Firefox/18.0" "-"
31.210.*.* - - [12/Apr/2013:07:11:45 +0000] "POST /wp-login.php HTTP/1.1" 200 3671 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:18.0) Gecko/20100101 Firefox/18.0" "-"
65.254.*.* - - [12/Apr/2013:07:11:49 +0000] "POST /wp-login.php HTTP/1.1" 200 3671 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:18.0) Gecko/20100101 Firefox/18.0" "-"
207.58.*.* - - [12/Apr/2013:07:13:48 +0000] "POST /wp-login.php HTTP/1.1" 200 3671 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:18.0) Gecko/20100101 Firefox/18.0" "-"
204.93.*.* - - [12/Apr/2013:07:15:10 +0000] "GET /wp-login.php HTTP/1.1" 200 2558 "-" "-" "-"
204.93.*.* - - [12/Apr/2013:07:15:13 +0000] "POST /wp-login.php HTTP/1.1" 200 3495 "-" "-" "-"
---
184.168.*.* - - [12/Apr/2013:07:39:26 +0000] "POST /wp-login.php HTTP/1.1" 200 3671 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:18.0) Gecko/20100101 Firefox/18.0" "-"
66.55.*.* - - [12/Apr/2013:07:40:06 +0000] "POST /wp-login.php HTTP/1.1" 200 3671 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:18.0) Gecko/20100101 Firefox/18.0" "-"
65.60.*.* - - [12/Apr/2013:07:40:06 +0000] "POST /wp-login.php HTTP/1.1" 200 3671 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:18.0) Gecko/20100101 Firefox/18.0" "-"
61.19.*.* - - [12/Apr/2013:07:40:07 +0000] "POST /wp-login.php HTTP/1.1" 200 3671 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:18.0) Gecko/20100101 Firefox/18.0" "-"
209.73.*.* - - [12/Apr/2013:07:41:51 +0000] "GET /wp-login.php HTTP/1.1" 200 2558 "-" "-" "-"
209.73.*.* - - [12/Apr/2013:07:41:55 +0000] "POST /wp-login.php HTTP/1.1" 200 3495 "-" "-" "-"
72.167.*.* - - [12/Apr/2013:07:43:13 +0000] "POST /wp-login.php HTTP/1.1" 200 3671 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:18.0) Gecko/20100101 Firefox/18.0" "-"
93.187.*.* - - [12/Apr/2013:07:43:49 +0000] "POST /wp-login.php HTTP/1.1" 200 3671 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:18.0) Gecko/20100101 Firefox/18.0" "-"
185.15.*.* - - [12/Apr/2013:07:43:50 +0000] "POST /wp-login.php HTTP/1.1" 200 3671 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:18.0) Gecko/20100101 Firefox/18.0" "-"
108.163.*.* - - [12/Apr/2013:07:44:55 +0000] "POST /wp-login.php HTTP/1.1" 200 3671 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:18.0) Gecko/20100101 Firefox/18.0" "-"
210.210.*.* - - [12/Apr/2013:07:44:57 +0000] "POST /wp-login.php HTTP/1.1" 200 3671 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:18.0) Gecko/20100101 Firefox/18.0" "-"
209.73.*.* - - [12/Apr/2013:07:45:10 +0000] "GET /wp-login.php HTTP/1.1" 200 2558 "-" "-" "-"
209.73.*.* - - [12/Apr/2013:07:45:23 +0000] "POST /wp-login.php HTTP/1.1" 200 3495 "-" "-" "-"
and so on...
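
An added example, not part of the original post: a small Python check that reads access-log lines in the layout quoted above and flags the pattern they show, many sources making a few login POSTs each under one shared User-Agent. The function names, the thresholds and the treatment of a 200 response as a failed login (WordPress redirects with 302 on success) are assumptions of this example, and the sample is constructed.

```python
import re
from collections import Counter

# Access-log layout as quoted in the post (combined format, one extra trailing field).
LINE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"'
)

def failed_logins(lines, path="/wp-login.php"):
    """Yield (source, user_agent) for each POST to the login page answered with 200.
    Assumption: a successful WordPress login gets a 302, so 200 means a failed try."""
    for line in lines:
        m = LINE.match(line)
        if (m and m["method"] == "POST" and m["status"] == "200"
                and m["path"].split("?", 1)[0] == path):
            yield m["src"], m["ua"]

def assess(lines, min_sources=5, max_per_source=3, min_ua_share=0.6):
    """Summarise failed logins and flag the spread-out pattern: many sources,
    few tries each, one dominant User-Agent. Thresholds are assumed defaults."""
    hits = list(failed_logins(lines))
    per_source = Counter(src for src, _ in hits)
    top_ua, top_n = Counter(ua for _, ua in hits).most_common(1)[0] if hits else ("", 0)
    distributed = (bool(hits) and len(per_source) >= min_sources
                   and max(per_source.values()) <= max_per_source
                   and top_n / len(hits) >= min_ua_share)
    return {"attempts": len(hits), "sources": len(per_source),
            "top_ua": top_ua, "distributed": distributed}

FF18 = "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:18.0) Gecko/20100101 Firefox/18.0"

def make_line(src, ts, method, status, size, ua):
    return (f'{src} - - [12/Apr/2013:{ts} +0000] "{method} /wp-login.php HTTP/1.1" '
            f'{status} {size} "-" "{ua}" "-"')

# Constructed sample: rows mirror the quoted lines; the 302 row is invented.
SAMPLE = [
    make_line("50.22.*.*", "07:00:23", "POST", 200, 3671, FF18),
    make_line("50.31.*.*", "07:01:15", "POST", 200, 3671, FF18),
    make_line("66.55.*.*", "07:04:41", "POST", 200, 3671, FF18),
    make_line("204.93.*.*", "07:07:58", "GET", 200, 2558, "-"),
    make_line("204.93.*.*", "07:08:11", "POST", 200, 3495, "-"),
    make_line("87.253.*.*", "07:09:00", "POST", 200, 3671, FF18),
    make_line("192.0.2.10", "07:10:00", "POST", 302, 0, "ExampleBrowser/1.0"),
]
```

Because each source makes only a few attempts, a per-address rate limit alone would not trip here; `assess(SAMPLE)` reports it through the count of distinct sources and the shared User-Agent instead.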