[BlueOnyx:21565] Re: Attack by a botnet.

Fungal Style wayin at hotmail.com
Tue Dec 5 00:27:42 -05 2017


Michael,

Thanks for the tips, in hindsight I should have set it up a little better, even if it is just a testing site I was working on…. I noticed they disappeared for a bit and have returned even though I have the domain pointing to Google now with the files not present, maybe for this round I need to wait for them just to give up, or just delete the DNS records, see what they do then…

The .htaccess as a basic security measure is something I did not think about and that would prevent a bot from just searching.

Thanks again.

Will have a read to see if I can get any further ideas, though 2FA and such won’t stop them from trying, as not finding them now is not working either….

I can probably write it off to experience… and put a Drupal, Magento or Joomla site on the domain… (as WP is not my first choice, was just a test/dev site).
<kicks self hard>

Regards
Brian


On 5/12/17, 2:19 pm, "Blueonyx on behalf of Michael Stauber" <blueonyx-bounces at mail.blueonyx.it on behalf of mstauber at blueonyx.it> wrote:

    Hi Brian,
    
    > It is a form of brute force attack from what I can tell and it is low
    > bandwidth as they are requesting part of a file (possibly to go
    > undetected as it is 2/10’s of bugger all data).
    > 
    > As I am only using the domain for testing currently I placed a 301 on it
    > and renamed the files it is requesting, but they are still going.
    
    Yeah, it's a botnet trying a brute force login to your WordPress
    backend. I'd either rename the wp-admin directory to something else
    and/or would throw an additional password protection of that folder in
    (via .htaccess) or would install a WordPress plugin that requires
    additional steps for logins than just username and password.
    
    Like the Google Authenticator:
    
    https://wordpress.org/plugins/tags/2-factor-authentication/
    
    From that list this one seems to be pretty complete:
    
    https://wordpress.org/plugins/loginizer/
    
    There are also a couple of other WordPress plugins around that offer
    additional protection. Without any endorsement this URL shows some of them:
    
    https://wordpress.org/plugins/search/secure+login/
    
    -- 
    With best regards
    
    Michael Stauber
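
Added example, not part of the original thread: a small access-log check that shows why a botnet login brute force like the one discussed above slips past per-IP limits, by counting login POSTs per client and flagging the case where many addresses each send only a few. It assumes Apache "combined" log lines and the default WordPress `/wp-login.php` endpoint; the thresholds, function names and sample lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Apache "combined" log format (assumed; adjust for a custom LogFormat).
LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)
LOGIN_PATH = "/wp-login.php"  # WordPress default login endpoint


def login_posts_by_ip(lines):
    """Count POST requests to the login endpoint per client IP."""
    counts = defaultdict(int)
    for line in lines:
        m = LINE.match(line)
        if not m or m["method"] != "POST":
            continue
        # Ignore any query string when comparing the path.
        if m["path"].split("?", 1)[0] == LOGIN_PATH:
            counts[m["ip"]] += 1
    return dict(counts)


def classify(counts, per_ip_limit=5, distinct_ip_limit=4):
    """Return (noisy_ips, distributed).

    noisy_ips   : clients over per_ip_limit, which a per-IP lockout catches.
    distributed : True when at least distinct_ip_limit clients each stay
                  under the per-IP limit, the pattern a lockout alone misses.
    """
    noisy = sorted(ip for ip, n in counts.items() if n > per_ip_limit)
    quiet = [ip for ip in counts if ip not in noisy]
    return noisy, len(quiet) >= distinct_ip_limit


def _line(ip, method, path):
    # Constructed sample log line using documentation-range addresses.
    return (f'{ip} - - [05/Dec/2017:00:00:00 +0000] '
            f'"{method} {path} HTTP/1.1" 200 1523 "-" "Mozilla/5.0"')


SAMPLE = (
    [_line(f"192.0.2.{i}", "POST", LOGIN_PATH) for i in range(1, 6) for _ in range(2)]
    + [_line("203.0.113.9", "POST", LOGIN_PATH)] * 8
    + [_line("198.51.100.4", "GET", "/index.php")]
)

if __name__ == "__main__":
    print(classify(login_posts_by_ip(SAMPLE)))
```

A `distributed` result is the signal that per-IP blocking will not be enough and that a control in front of the login itself, such as the `.htaccess` password or second factor suggested above, is the better fit.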