Non-Stop Hacker in BPS Log – How to stop?
Below is a sample of code I’m getting from BPS.
It looks like BPS is properly deflecting this hacker.
I’d appreciate suggestions about how to get this guy to stop filling up my security log every day. I’ve got the suggested Brute Force Login Protection installed on .htaccess thus:

    # BRUTE FORCE LOGIN PAGE PROTECTION
    # Protects the Login page from SpamBots, HackerBots & Proxies
    # that use Server Protocol HTTP/1.0 or a blank User Agent
    RewriteCond %{REQUEST_URI} ^(/wp-login\.php|.*wp-login\.php.*)$
    RewriteCond %{HTTP_USER_AGENT} ^$ [OR]
    RewriteCond %{THE_REQUEST} HTTP/1\.0$ [OR]
    RewriteCond %{SERVER_PROTOCOL} HTTP/1\.0$
    RewriteRule ^(.*)$ - [F,L]

I also added this:

    # DENY BROWSER ACCESS TO LOGIN FOR UKRAINIAN HACKERS TRYING TO GET IN
    # wp-login.php
    <FilesMatch "^(/wp-login\.php|.*wp-login\.php.*)$">
    Order Allow,Deny
    Deny from 5.248.0.0/16
    Deny from 37.115.0.0/16
    Deny from 37.229.0.0/16
    Deny from 46.118.0.0/15
    Deny from 46.118.0.0/16
    Deny from 46.119.0.0/16
    Deny from 46.185.0.0/17
    Deny from 46.185.0.0/18
    Deny from 46.185.64.0/18
    Deny from 46.211.0.0/16
    Deny from 46.211.0.0/17
    Deny from 46.211.128.0/17
    Deny from 81.23.16.0/20
    Deny from 94.153.0.0/16
    Deny from 109.162.0.0/17
    Deny from 109.162.0.0/18
    Deny from 109.162.64.0/18
    Deny from 134.249.0.0/16
    Deny from 176.8.0.0/16
    Deny from 178.137.0.0/16
    Deny from 178.137.0.0/17
    Deny from 178.137.128.0/17
    Deny from 188.163.0.0/17
    Deny from 188.163.64.0/18
    Deny from 193.41.60.0/22
    Allow from all
    </FilesMatch>

So why is this guy still trying to hack my website if he’s not able to get in?
I thought about putting this into .htaccess at the bottom, but I’m not sure it will actually stop him from daily filling up my log.

    # BAN USER BY IP
    <Limit GET POST>
    order allow,deny
    allow from all
    deny from 5.248.87.146
    </Limit>

Last week the same hacker had a different IP, same ISP.
I have sent a request to the hacker’s ISP and a second request copied to the ISP and the ISP’s direct upstream provider asking them to stop the hacker. I’m really not sure what else to do.

    BPS SECURITY LOG
    =================
    =================
    ...

    [403 GET / HEAD Request: September 12, 2014 4:57 am]
    Event Code: BFHS - Blocked/Forbidden Hacker or Spammer
    Solution: N/A - Hacker/Spammer Blocked/Forbidden
    REMOTE_ADDR: 5.248.87.146
    Host Name: 5-248-87-146-broadband.kyivstar.net
    SERVER_PROTOCOL: HTTP/1.1
    HTTP_CLIENT_IP:
    HTTP_FORWARDED:
    HTTP_X_FORWARDED_FOR:
    HTTP_X_CLUSTER_CLIENT_IP:
    REQUEST_METHOD: GET
    HTTP_REFERER:
    REQUEST_URI: http://nypsc.org/wp-login.php
    QUERY_STRING:
    HTTP_USER_AGENT:

    [403 GET / HEAD Request: September 12, 2014 4:57 am]
    Event Code: BFHS - Blocked/Forbidden Hacker or Spammer
    Solution: N/A - Hacker/Spammer Blocked/Forbidden
    REMOTE_ADDR: 5.248.87.146
    Host Name: 5-248-87-146-broadband.kyivstar.net
    SERVER_PROTOCOL: HTTP/1.1
    HTTP_CLIENT_IP:
    HTTP_FORWARDED:
    HTTP_X_FORWARDED_FOR:
    HTTP_X_CLUSTER_CLIENT_IP:
    REQUEST_METHOD: GET
    HTTP_REFERER:
    REQUEST_URI: http://nypsc.org/wp-login.php
    QUERY_STRING:
    HTTP_USER_AGENT:

    [403 GET / HEAD Request: September 12, 2014 4:58 am]
    Event Code: BFHS - Blocked/Forbidden Hacker or Spammer
    Solution: N/A - Hacker/Spammer Blocked/Forbidden
    REMOTE_ADDR: 5.248.87.146
    Host Name: 5-248-87-146-broadband.kyivstar.net
    SERVER_PROTOCOL: HTTP/1.1
    HTTP_CLIENT_IP:
    HTTP_FORWARDED:
    HTTP_X_FORWARDED_FOR:
    HTTP_X_CLUSTER_CLIENT_IP:
    REQUEST_METHOD: GET
    HTTP_REFERER:
    REQUEST_URI: http://nypsc.org/wp-login.php
    QUERY_STRING:
    HTTP_USER_AGENT:

    [403 GET / HEAD Request: September 12, 2014 4:58 am]
    Event Code: BFHS - Blocked/Forbidden Hacker or Spammer
    Solution: N/A - Hacker/Spammer Blocked/Forbidden
    REMOTE_ADDR: 5.248.87.146
    Host Name: 5-248-87-146-broadband.kyivstar.net
    SERVER_PROTOCOL: HTTP/1.1
    HTTP_CLIENT_IP:
    HTTP_FORWARDED:
    HTTP_X_FORWARDED_FOR:
    HTTP_X_CLUSTER_CLIENT_IP:
    REQUEST_METHOD: GET
    HTTP_REFERER:
    REQUEST_URI: http://nypsc.org/wp-login.php
    QUERY_STRING:
    HTTP_USER_AGENT:

    [403 GET / HEAD Request: September 12, 2014 4:59 am]
    Event Code: BFHS - Blocked/Forbidden Hacker or Spammer
    Solution: N/A - Hacker/Spammer Blocked/Forbidden
    REMOTE_ADDR: 5.248.87.146
    Host Name: 5-248-87-146-broadband.kyivstar.net
    SERVER_PROTOCOL: HTTP/1.1
    HTTP_CLIENT_IP:
    HTTP_FORWARDED:
    HTTP_X_FORWARDED_FOR:
    HTTP_X_CLUSTER_CLIENT_IP:
    REQUEST_METHOD: GET
    HTTP_REFERER:
    REQUEST_URI: http://nypsc.org/wp-login.php
    QUERY_STRING:
    HTTP_USER_AGENT:

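Added example, not part of the original post and not BPS code: a Python sketch that parses entries in the log layout shown above, counts hits per REMOTE_ADDR, and reports which of the post's `Deny from` ranges already contain the address and which conditions of the brute-force rule each request meets. The sample entries are constructed from fields in the post, and all function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample: two entries in the post's BPS log layout; DENY_RANGES is a subset of its Deny list.
ENTRY = """[403 GET / HEAD Request: September 12, 2014 {t} am]
REMOTE_ADDR: 5.248.87.146
SERVER_PROTOCOL: HTTP/1.1
REQUEST_URI: http://nypsc.org/wp-login.php
HTTP_USER_AGENT:"""
SAMPLE_LOG = "BPS SECURITY LOG\n=================\n" + "\n\n".join(ENTRY.format(t=t) for t in ("4:57", "4:58"))
DENY_RANGES = ["5.248.0.0/16", "37.115.0.0/16", "46.118.0.0/15", "46.118.0.0/16"]

def parse_entries(text):
    """Take each block that starts at a '[403 ...]' header and read its 'KEY: value' lines."""
    entries = []
    for block in re.findall(r"^\[\d{3} .*?(?=^\[\d{3} |\Z)", text, re.S | re.M):
        header, *fields = block.splitlines()
        entry = {"header": header.strip("[]")}
        for line in fields:
            key, sep, value = line.partition(":")  # first colon only, so URLs stay whole
            if sep:
                entry[key.strip()] = value.strip()
        entries.append(entry)
    return entries

def rule_conditions_met(entry):
    """Conditions of the post's brute-force rewrite rule that this request meets."""
    if "wp-login.php" not in entry.get("REQUEST_URI", ""):
        return set()
    checks = {"blank User-Agent": not entry.get("HTTP_USER_AGENT"),
              "HTTP/1.0": entry.get("SERVER_PROTOCOL") == "HTTP/1.0"}
    return {name for name, hit in checks.items() if hit}

def covering_ranges(ip, ranges=DENY_RANGES):
    """Deny ranges that already contain this address."""
    addr = ipaddress.ip_address(ip)
    return [r for r in ranges if addr in ipaddress.ip_network(r)]

def summarize(text):
    """Per source address: hit count, covering deny ranges, rule conditions met."""
    out = {}
    for e in parse_entries(text):
        ip = e["REMOTE_ADDR"]
        row = out.setdefault(ip, {"hits": 0, "covered_by": covering_ranges(ip), "conditions": set()})
        row["hits"] += 1
        row["conditions"] |= rule_conditions_met(e)
    return out

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

For the address in the post, the summary shows it already falls inside the listed 5.248.0.0/16 range and that every logged request carried a blank User-Agent.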