(New?) Botnet To BruteForce WP?
A couple of days ago, alerted by NewRelic and examining the logs via Loggly, I noticed that 100 different IPs requested /wp-login using the same User-Agent (“Mozilla/5.0 (Windows NT 6.1; rv:19.0) Gecko/20100101 Firefox/19.0”).
Over the course of 1 hour, the attacker tried to bruteforce WP 533 times while managing to evade intrusion protection (in my case, a Web Application Firewall running commercial ModSec rules).
The attack lasted 60 minutes and came from 100 IPs. This is not a coincidence. Someone has come up with an elaborate WP Bruteforce tool.
Does anyone have any more information about this type of attack? Is it new only to me?
For the sake of registration, below are the IPs used in the attack.
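Added example, not part of the original post: one way to surface the pattern described above from access logs, by grouping /wp-login requests by User-Agent and counting distinct source IPs in a sliding window, which per-IP rate limits do not see. It assumes Combined Log Format; the function names, thresholds, log lines and IP addresses (documentation ranges) are constructed for illustration.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# UA string quoted in the post; everything else below is constructed sample data.
BOT_UA = "Mozilla/5.0 (Windows NT 6.1; rv:19.0) Gecko/20100101 Firefox/19.0"

# Combined Log Format: ip - - [time] "METHOD path proto" status size "referer" "ua"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "\S+ (?P<path>\S+)[^"]*" '
    r'\d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"$')

def find_shared_ua_login_floods(lines, min_ips=5, window=timedelta(hours=1)):
    """Map user agent -> (distinct IPs, requests) for the sliding window with
    the most distinct IPs, if /wp-login was hit from at least min_ips of them."""
    hits = defaultdict(list)  # user agent -> [(timestamp, ip), ...]
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m and m["path"].startswith("/wp-login"):
            ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
            hits[m["ua"]].append((ts, m["ip"]))
    flagged = {}
    for ua, events in hits.items():
        events.sort()
        in_window, start = Counter(), 0
        for end, (ts, ip) in enumerate(events):
            in_window[ip] += 1
            while ts - events[start][0] > window:  # drop requests older than window
                old_ip = events[start][1]
                in_window[old_ip] -= 1
                if in_window[old_ip] == 0:
                    del in_window[old_ip]
                start += 1
            cand = (len(in_window), end - start + 1)
            if cand[0] >= min_ips and cand > flagged.get(ua, (0, 0)):
                flagged[ua] = cand
    return flagged

def sample_log():
    """Constructed log: 6 documentation-range IPs share BOT_UA; one normal user."""
    fmt = '{ip} - - [01/Jan/2013:12:{m:02d}:00 +0000] "{req} HTTP/1.1" 200 512 "-" "{ua}"'
    lines = [fmt.format(ip=f"203.0.113.{i % 6 + 1}", m=i * 4,
                        req="POST /wp-login.php", ua=BOT_UA) for i in range(12)]
    lines += [fmt.format(ip="198.51.100.7", m=m, req="POST /wp-login.php",
                         ua="ExampleBrowser/1.0") for m in (1, 2, 3)]
    lines.append(fmt.format(ip="198.51.100.7", m=5, req="GET /index.php", ua=BOT_UA))
    return lines

if __name__ == "__main__":
    for ua, (ips, reqs) in find_shared_ua_login_floods(sample_log()).items():
        print(f"{ips} IPs, {reqs} requests to /wp-login with UA: {ua}")
```

A real deployment would tune `min_ips` to the site's traffic, since a common browser version can legitimately appear from many addresses.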