Last night I was alerted to one of my WordPress sites being brute forced. After realizing this, I began to try and play with the bot and see what I could get it to do.
I tired redirects (didn't work).
I increased the size of wp-login.php to a very large file (did work).
However, finally after messing around with it enough I thought it might be cool to see what it was trying and how it was trying to get into my Wordpress.
Here is the following log: http://ift.tt/1tHb1EA
time | IP Address [port] : post contents
I also noticed with this bot a bit down into the log that it tried a different user based on my sites name.
Enjoy
http://ift.tt/1dvHQ0Z
0 comments:
Post a Comment