valid usernames being used to attempt login

  • Mighty Good

    (@mighty-good)


    9 years, 4 months ago

    Question — I’m using the free Wordfence plug-in and I have had numerous attacks on valid user names. Never started with admin, but each valid user name since has been used to try to login to the page — Wordfence gives this notation…
    —-
    A user with IP address 95.59.115.23 has been locked out from the signing in or using the password recovery form for the following reason: Exceeded the maximum number of login failures which is: 20. The last username they tried to sign in with was: ‘g8t20xx’
    User IP: 95.59.115.23
    User hostname: 95.59.115.23.megaline.telecom.kz
    —-
    I chose this user name as a test, and no one who access to the site has used it — or even know about it.

    Please help! Thanks!

    https://wordpress.org/plugins/wordfence/

Viewing 1 replies (of 1 total)
  • Lita

    (@inhalesd)

    9 years, 4 months ago

    I had the same problem, we were hit by the soaksoak.ru campaign and it seems a few files may have been injected to gain access to my database. it’s probable that the same thing happened to you if they know about something like a valid user with a seemingly super random name, they could get that information out of your DB if it or the user controlling it was compromised.

    One of the things I tried was creating new database users, trashing privileges to all the current ones and giving it to the new ones instead. I haven’t had the problem since, I’m not good with databases but two days so far and I seem to be in the clear. If you want to try that, remember to update your wp-config file, but if it was your DB and not the user, shuffling permissions won’t do much good. Hopefully somebody helps you soon! Good luck

Viewing 1 replies (of 1 total)
  • The topic ‘valid usernames being used to attempt login’ is closed to new replies.