“excessive failed login attempts”

  • vkaryl

    (@vkaryl)


    18 years, 1 month ago

    I’ve received three emails, two on one of my blogs and one on another – they all show the following:

    Subject:
    [BlogName] Excessive failed login attempts
    From:
    wordpress *at* mydomain *dot* com
    Date:
    Thu, 16 Mar 2006 12:11:32 -0500
    To:
    my admin email

    To:
    my admin email

    3 failed login attempts from IP: 66.249.28.84 (or IP: 66.249.66.203 or IP: 66.249.21.151)

    Last user attempted: .

    IP was blocked for ten minutes.

    Two of the IPs listed are
    OrgName: Name Intelligence, Inc.
    OrgID: NAMEI-1
    Address: 12806 SE 22nd Place
    City: Bellevue
    StateProv: WA
    PostalCode: 98006
    Country: US

    The other one is
    OrgName: Google Inc.
    OrgID: GOGL
    Address: 1600 Amphitheatre Parkway
    City: Mountain View
    StateProv: CA
    PostalCode: 94043
    Country: US

    Anyone have any idea what this is? I’m happy the blogs are blocking, but do I need to ramp up security? Any thoughts?

    [Edit: wow. I just got twenty more of these on one blog. All from 66.249.28.84. There are no comments being added. Logs show that the login attempt is redirecting to each post beginning with the latest one. Then a few minutes later the next one, etc. I guess I need to add some stuff to .htaccess?]

Viewing 4 replies - 1 through 4 (of 4 total)
  • w3central

    (@w3central)

    18 years, 1 month ago

    Wasn’t there something like a dos attack discussion lately in the mailing lists concerning this?

    Thread Starter vkaryl

    (@vkaryl)

    18 years, 1 month ago

    Yeah, I don’t remember exactly what the deal was, have to go dig around in the archives I guess….

    Thread Starter vkaryl

    (@vkaryl)

    18 years, 1 month ago

    Oh, btw….

    This action (notifying me regarding this) seems to be a direct result of using one of Owen’s wonderful little thingies…. Armor. I got it off the hackers’ list, I don’t know if he’s released it or not to the public. But it certainly does seem to be effective.

    Thread Starter vkaryl

    (@vkaryl)

    18 years ago

    I should actually have updated this thread, sorry (I’m quite frequently a space cadet. So sue me….)

    The culprit: a spidering program I’m using, which requires that the login, register, and admin pages be set “blocked”. Which they were. But the admin for the program had to reload from backups, and somehow the blocked pages were all unblocked.

    So I had to go back and redo them all (NOT a small job by any means). However, bad as that was, the good thing is it is not/was not anything to do with WP OR spammers etc.

    Thankfully.

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘“excessive failed login attempts”’ is closed to new replies.

Tags