[wp-hackers] Detecting the present botnet attacks
les at lcb.me.uk
Sat Jul 13 05:57:58 UTC 2013
Yes, I've been using wp-fail2ban for a while. It seemed to be working for a while, but the attacks have changed from multiple attempts to single attempts from each IP address, making it less effective.
Installed Bad Behaviour (http://bad-behavior.ioerror.us/) which seems to be blocking the botnet attacks.
Les Bessant les at lcb.me.uk
Losing it - http://losingit.me.uk/
Les Bessant Photography - http://lesbessant-photography.co.uk
On 12 Jul 2013, at 15:48, Doug Smith <doug at smithsrus.com> wrote:
> You could add another log in layer with basic HTTP authentication to protect your wp-admin directory. Or you could use the Google Authenticator plugin (http://wordpress.org/plugins/google-authenticator/) to give you second factor authentication through a smartphone.
> fail2ban is still nice, though, because anything you can stop with it happens at the firewall so WordPress doesn't even see it, which is helpful for both performance and security. If you haven't seen it yet, there is a WP fail2ban plugin (http://wordpress.org/plugins/wp-fail2ban/) that will log WordPress login attempts so they can be used in fail2ban too.
> Doug Smith: doug at smithsrus.com
> On 11 Jul 2013 22:23:41 +0100, Les Bessant <les at lcb.me.uk> wrote:
>> I've been using fail2ban, but I'm still seeing numerous single attempts to log on to my site - and they're not trying for "admin", they're actually targeting the user name that I post with. Getting one attempt at a time from numerous addresses.
>> Looks like it's time to go back to using bad behaviour.
>> Les Bessant les at lcb.me.uk
>> Losing it - http://losingit.me.uk/
>> Les Bessant Photography - http://lesbessant-photography.co.uk
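Added example, not part of the thread or of any plugin mentioned in it: a sketch of detecting the pattern described above, where each address makes a single attempt, by counting distinct source IPs per targeted username in a sliding window instead of counting failures per IP. The log line layout, the host name, the addresses and the thresholds are constructed assumptions; adjust the regular expression to the real log.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines. The "Authentication failure for USER from IP"
# layout is an assumed format, not copied from a real log.
SAMPLE_LOG = """\
2013-07-11T21:00:05 wordpress(example.org): Authentication failure for les from 192.0.2.10
2013-07-11T21:01:12 wordpress(example.org): Authentication failure for les from 198.51.100.7
2013-07-11T21:02:40 wordpress(example.org): Authentication failure for les from 203.0.113.25
2013-07-11T21:03:03 wordpress(example.org): Authentication failure for admin from 192.0.2.99
2013-07-11T21:03:55 wordpress(example.org): Authentication failure for les from 198.51.100.88
2013-07-11T21:04:30 wordpress(example.org): Authentication failure for les from 203.0.113.140
2013-07-11T21:40:00 wordpress(example.org): Accepted password for les from 192.0.2.1
"""

LINE_RE = re.compile(r"^(\S+) .*Authentication failure for (\S+) from (\S+)$")

def distributed_targets(lines, window=timedelta(minutes=10), min_ips=4):
    """Return {username: peak distinct failing IPs inside one window} for
    usernames reaching min_ips. Lines are assumed to be in time order."""
    recent = defaultdict(deque)  # username -> deque of (timestamp, ip)
    flagged = {}
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a failed login
        ts = datetime.fromisoformat(m.group(1))
        user, ip = m.group(2), m.group(3)
        q = recent[user]
        q.append((ts, ip))
        while ts - q[0][0] > window:  # drop entries older than the window
            q.popleft()
        distinct = len({addr for _, addr in q})
        if distinct >= min_ips:
            flagged[user] = max(flagged.get(user, 0), distinct)
    return flagged

def per_ip_offenders(lines, max_retry=3):
    """What a per-IP threshold sees: IPs with at least max_retry failures."""
    counts = defaultdict(int)
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            counts[m.group(3)] += 1
    return {ip for ip, n in counts.items() if n >= max_retry}
```

On the sample, the per-IP view flags nothing, while the per-username view flags `les` with five distinct addresses inside ten minutes.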