Try looking at some of the security plugins – I think they might have that kind of list.
How long did it take you to add 6.5k IPs? I was doing that for a while but got tired of it. I was blocking countries too but blocking entire countries from accessing your website is not good practice in the long run.
After trying out a few different things and having multiple brute force attacks, I eventually found a good way to password protect the wp-login.php file and haven’t had one login attempt since.
I posted about it on my blog.
Should help you out in not wasting time blocking thousands of IPs. I’m sure the same IPs will not be used for very long so even if you block 90k IPs, they will probably just start using new ones.
Andrew Nevins
(@anevins)
WCLDN 2018 Contributor | Volunteer support
Really your hosts need to be dealing with this because by the time they have reached your login page it is too late.
I don’t think many hosts will do this unless it is causing problems on whole servers. I use Hostgator and they provide directions for doing this on their support pages which I linked to in my post.
Also, password protecting wp-login is not resulting in hits to my website and very little bandwidth usage (if any). That’s the point – they never reach wp-login in the first place. It blocks before the page is even loaded.
If anyone is interested, I could post the now over 7.3K of IP addresses…
I am using “Ban” plugin along with a user log plugin… I do not use the “admin” or any variation thereof in any accounts and while using ban, once the IP is added to the list, their next visit lands the on the FBI’s Cyber Crimes Web Page… still doesn’t seem to discourage however, my thoughts are, let them try to hack the FBI’s page and maybe something will get done about this…
Anyone discover exactly what this “bot” is yet? That would be helpful as well…
I attempted to rename the wp-login.php file but, the results for logging out etc. became so convoluted, I just gave up… The registration script failed, the recover password script failed along with, the logout function would lead to an file not found page…
IF someone asks for it, please use a pastebin for posting that kind of list/volume – http://codex.wordpress.org/Forum_Welcome#Posting_Code
BTW, have you seen this?
http://codex.wordpress.org/Brute_Force_Attacks
Make that 8,493 IP addresses I have banned if anyone is interested…
They are hitting my one site hard and fast… getting over 2k ban’s and at least 400+ new IP’s every 24 hours…
I really wish somewhere someone knew what the other 81.5K IP addresses were… It would make my life easier… I am in the process of adding the IP’s I have to my firewall rules… (VPS)
