• Resolved MikeHarrison

    (@mikeharrison)


    I received a warning from BPS this morning when logging in that the Error Log was quite large. When I looked at it, it was full of 403 Errors for outsiders attempting to get my login.php page (which is restricted by BPS to access from my ip address only).

    I seem to recall your advice from a few months ago to turn error logging off, which I have done (it must have defaulted to ‘on’ again when I deactivated and then reactivated all my plugins a few days ago following migration to a new server). But I pasted one error message below for you to see, to determine if my assumption is correct and that everything is OK, and I can leave error logging off.

    Thanks!

    >>>>>>>>>>> 403 GET or Other Request Error Logged - August 7, 2013 - 4:28 am <<<<<<<<<<<
    REMOTE_ADDR: 182.48.10.50
    Host Name: www1650m.sakura.ne.jp
    SERVER_PROTOCOL: HTTP/1.1
    HTTP_CLIENT_IP:
    HTTP_FORWARDED:
    HTTP_X_FORWARDED_FOR:
    HTTP_X_CLUSTER_CLIENT_IP:
    REQUEST_METHOD: GET
    HTTP_REFERER: http%3A%2F%2Fmike-harrison.com%2Fwp-login.php?redirect_to=http%3A%2F%2Fmike-harrison.com%2Fwp-admin%2F&reauth=1
    REQUEST_URI: /wp-login.php
    QUERY_STRING:
    HTTP_USER_AGENT: Mozilla/5.0 (Linux; U; Android 3.2.1; en-us; AT100 Build/HTK55D) AppleWebKit/534.13 (KHTML, like Gecko) Version/4.0 Safari/534.13

    http://wordpress.org/plugins/bulletproof-security/

Viewing 4 replies - 1 through 4 (of 4 total)
  • Plugin Author AITpro

    (@aitpro)

    Yes, this is a standard Brute Force Login attempt/attack.

    Yep, you can turn off security/error logging since these Blocked Brute Force login attempts happen all day every day. We are continuing to log these events on our sites to monitor, keep track of and report on this issue. Currently we are logging 280,000+ blocked Brute Force Login attempts per month on our sites.
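Added example, not part of the original thread and not BPS code: a small parser for log entries in the layout pasted in the first post, which counts blocked requests per source address and lists any entry that is not a `/wp-login.php` request, so the log can be checked before logging is switched off. The sample entries and addresses are constructed; the field names are the ones visible in the pasted entry.

```python
import re
from collections import Counter
from urllib.parse import unquote

# Constructed sample in the pasted entry layout (documentation-range IPs, not real data).
SAMPLE_LOG = """\
>>>>>>>>>>> 403 GET or Other Request Error Logged - August 7, 2013 - 4:28 am <<<<<<<<<<<
REMOTE_ADDR: 203.0.113.7
HTTP_REFERER: http%3A%2F%2Fexample.com%2Fwp-login.php
REQUEST_URI: /wp-login.php

>>>>>>>>>>> 403 GET or Other Request Error Logged - August 7, 2013 - 4:29 am <<<<<<<<<<<
REMOTE_ADDR: 203.0.113.7
REQUEST_URI: /wp-login.php

>>>>>>>>>>> 403 GET or Other Request Error Logged - August 7, 2013 - 5:02 am <<<<<<<<<<<
REMOTE_ADDR: 198.51.100.23
REQUEST_URI: /wp-content/plugins/example/readme.txt
"""

HEADER = re.compile(r"^>+\s*(.+?) Logged - (.+?)\s*<+\s*$")
FIELD = re.compile(r"^([A-Z_]+|Host Name):\s*(.*)$")

def parse_entries(text):
    """Split the log into dicts, one per '>>>> ... <<<<' entry."""
    entries, current = [], None
    for line in text.splitlines():
        line = line.strip()
        m = HEADER.match(line)
        if m:
            current = {"event": m.group(1), "time": m.group(2)}
            entries.append(current)
        elif current is not None:
            f = FIELD.match(line)
            if f:  # URL-decode values such as the encoded HTTP_REFERER
                current[f.group(1)] = unquote(f.group(2))
    return entries

def summarize(entries, login_uri="/wp-login.php"):
    """Count entries per source IP and collect those that are not login requests."""
    by_ip = Counter(e.get("REMOTE_ADDR", "?") for e in entries)
    other = [e for e in entries if e.get("REQUEST_URI", "").split("?")[0] != login_uri]
    return by_ip, other

if __name__ == "__main__":
    by_ip, other = summarize(parse_entries(SAMPLE_LOG))
    print(by_ip.most_common())
    for e in other:
        print("review:", e["time"], e.get("REMOTE_ADDR"), e.get("REQUEST_URI"))
```
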

    Thread Starter MikeHarrison

    (@mikeharrison)

    OK. Great. Thanks!

    After starting this thread, I noticed that the permissions on my root .htaccess file had changed to 0644, so I changed it back to 404, and then backed up my database. When I logged into my ftp account, I noticed the modification date of the .htaccess file was earlier today, at a time when I would’ve been asleep. The permissions change was not reflected in the modification date, so I’m wondering what would have made a modification to the root .htaccess file two hours before I accessed it?

    Is there something I’m not taking into account?

    Plugin Author AITpro

    (@aitpro)

    Some hosts automatically change the root .htaccess file permissions to whatever they have configured/set at that Server. This would be some kind of automated script that checks the permissions at regular intervals and then applies that permission.

    Or maybe the Server time is different than your geographic location time in the Server’s php.ini file.
    Example: date.timezone = America/Los_Angeles

    http://www.php.net/manual/en/datetime.configuration.php#ini.date.timezone

    Thread Starter MikeHarrison

    (@mikeharrison)

    OK, thanks. I’ll leave things as they are now because everything seems to be working correctly, and your great BPS plugin (and your assistance here) gives me peace of mind knowing that the site is secure.

    Many thanks!

  • The topic ‘Error Log Size Warning – All 403s for Login.php’ is closed to new replies.