Stealth Login Page
[resolved] How do the attackers know my secret?? (7 posts)

  1. t40fjk230
    Member
    Posted 1 year ago #

    I installed version 2.1.2 a few days ago and it seemed to work nicely.

    But now I see attacks in my log with the correct secret/answer combination. You couldn't guess this combination and I used it nowhere else.

    They're still trying to log in, so they don't know the login. So probably neither my PC nor the server were compromised.

    I'm really worried. How can the hackers possibly know this?

    http://wordpress.org/extend/plugins/stealth-login-page/

  2. t40fjk230
    Member
    Posted 1 year ago #

    Checked the old logs. I finished configuring the plugin that day at 22:37. First login attempt with the right secret was 22:52.

  3. Jesse Petersen
    Member
    Plugin Author

    Posted 1 year ago #

    They don't. They are hitting wp-login.php remotely. I'm releasing a premium extension in the next week or two to kill those... and you should be using 3.0.0 - it's been out for several days now.

  4. t40fjk230
    Member
    Posted 1 year ago #

    No offense meant, but I think they do.

    I have lots of entries in my log like this:
    GET /wp-login.php?XXX=YYY&redirect_to...
    where XXX and YYY are the secret keys that I entered into the stealth login config page.

    Doesn't that mean that they know my "secret"?

  5. Jesse Petersen
    Member
    Plugin Author

    Posted 1 year ago #

    I'm no longer supporting versions < 3.0.0 as it was a nearly total re-write. Upgrade and then check your logs tomorrow. You need to kill the URL filter that may expose that URL, as noted in several other threads in this forum on pre-3.0.0 issues, and that's what 3.0.0 did.

  6. t40fjk230
    Member
    Posted 1 year ago #

    Thanks, found the posting that you referred to. (For the record: http://wordpress.org/support/topic/examplecomlogin-is-not-hidden?replies=4 )

    It's good to know for sure how the attackers got the info, and that my server / PC wasn't hacked (yet). ;-)

  7. Jesse Petersen
    Member
    Plugin Author

    Posted 1 year ago #

    No, this thread and this is why I killed the URL filter: http://wordpress.org/support/topic/leaked-stealth-parameters?replies=9

    That other person was just being a jerk and wanted something else.

Topic Closed

This topic has been closed to new replies.
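
The log check discussed in this thread, as an added example that is not part of the thread or the plugin's code: it scans an access log for `wp-login.php` requests carrying the correct secret pair from clients other than the site owner, and flags clients that got the pair right without any earlier wrong attempt, which points to a leaked URL rather than guessing. It assumes Common/Combined Log Format; the key `XXX`, the value `YYY`, the addresses and the date are constructed placeholders.

```python
import re
from datetime import datetime
from urllib.parse import urlsplit, parse_qs

# Common/Combined Log Format prefix: ip - - [time] "METHOD target HTTP/x" status
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})')

def audit_secret_use(lines, key, value, trusted_ips):
    """Report untrusted clients that sent the correct stealth key/value pair."""
    first_seen = None
    hits = {}    # ip -> requests carrying the correct pair
    misses = {}  # ip -> wp-login.php requests made before that ip's first hit
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the assumed format
        ip, ts, _method, target, _status = m.groups()
        url = urlsplit(target)
        if not url.path.endswith("/wp-login.php") or ip in trusted_ips:
            continue
        params = parse_qs(url.query, keep_blank_values=True)
        if value in params.get(key, []):
            when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
            if first_seen is None or when < first_seen:
                first_seen = when
            hits[ip] = hits.get(ip, 0) + 1
        elif ip not in hits:
            misses[ip] = misses.get(ip, 0) + 1
    # Correct pair on the very first wp-login.php request: consistent with a
    # leaked URL, not with guessing the pair.
    no_guessing = sorted(ip for ip in hits if misses.get(ip, 0) == 0)
    return {"first_seen": first_seen, "hits": hits, "no_guessing": no_guessing}

# Constructed sample log (placeholder secret, documentation-range addresses).
SAMPLE = [
    '198.51.100.7 - - [12/Mar/2013:22:37:10 +0000] "GET /wp-login.php?XXX=YYY HTTP/1.1" 200 2310',
    '203.0.113.5 - - [12/Mar/2013:22:52:41 +0000] "GET /wp-login.php?XXX=YYY&redirect_to=%2Fwp-admin%2F HTTP/1.1" 200 2310',
    '203.0.113.5 - - [12/Mar/2013:22:52:43 +0000] "POST /wp-login.php?XXX=YYY HTTP/1.1" 200 2310',
    '192.0.2.44 - - [12/Mar/2013:23:01:02 +0000] "GET /wp-login.php HTTP/1.1" 302 0',
    '192.0.2.44 - - [12/Mar/2013:23:01:09 +0000] "GET /wp-login.php?XXX=nope HTTP/1.1" 302 0',
]

if __name__ == "__main__":
    report = audit_secret_use(SAMPLE, "XXX", "YYY", trusted_ips={"198.51.100.7"})
    print(report["first_seen"], report["hits"], report["no_guessing"])
```

Comparing `first_seen` with the time the plugin was configured shows how quickly the pair became known to outside clients.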
