Today I found my wordpress blog /wp-login access from IP: 217.66.216.68. The machine access the /wp-login almost every second, I thought it just want to brute force my admin password then destroy the wordpress content.
Does any guys encounter similar problem, how do you get rid of that?
I just use nginx settings deny IP, I think it isn't good enough.
access.log
217.66.216.68 - - [02/Jul/2014:11:34:26 +0800] "POST /wp-login.php HTTP/1.0" 502 173 "-" "-"
217.66.216.68 - - [02/Jul/2014:11:34:28 +0800] "POST /wp-login.php HTTP/1.0" 502 173 "-" "-"
217.66.216.68 - - [02/Jul/2014:11:34:28 +0800] "POST /wp-login.php HTTP/1.0" 502 173 "-" "-"
217.66.216.68 - - [02/Jul/2014:11:34:29 +0800] "POST /wp-login.php HTTP/1.0" 502 173 "-" "-"
217.66.216.68 - - [02/Jul/2014:11:34:30 +0800] "POST /wp-login.php HTTP/1.0" 502 173 "-" "-"
217.66.216.68 - - [02/Jul/2014:11:34:31 +0800] "POST /wp-login.php HTTP/1.0" 502 173 "-" "-"
217.66.216.68 - - [02/Jul/2014:11:34:32 +0800] "POST /wp-login.php HTTP/1.0" 502 173 "-" "-"
217.66.216.68 - - [02/Jul/2014:11:34:33 +0800] "POST /wp-login.php HTTP/1.0" 502 173 "-" "-"
217.66.216.68 - - [02/Jul/2014:11:34:34 +0800] "POST /wp-login.php HTTP/1.0" 502 173 "-" "-"
217.66.216.68 - - [02/Jul/2014:11:34:40 +0800] "POST /wp-login.php HTTP/1.0" 502 173 "-" "-"
now I forbit the ip:
error.log
2014/07/02 16:00:33 [error] 26426#0: *156 access forbidden by rule, client: 217.66.216.68, server: blog.baozishan.in, request: "POST /wp-login.php HTTP/1.0", host: "blog.baozishan.in"
2014/07/02 16:00:34 [error] 26426#0: *157 access forbidden by rule, client: 217.66.216.68, server: blog.baozishan.in, request: "POST /wp-login.php HTTP/1.0", host: "blog.baozishan.in"
2014/07/02 16:00:35 [error] 26426#0: *158 access forbidden by rule, client: 217.66.216.68, server: blog.baozishan.in, request: "POST /wp-login.php HTTP/1.0", host: "blog.baozishan.in"
http://ift.tt/1dvHQ0Z
0 comments:
Post a Comment