Curious reporting format

  • Resolved msummers

    (@msummers)


    8 years, 5 months ago

    I’m using IPBC on multiple sites most of which are at WP 4.3.1. In the past, I would get alert emails that would look like this –

    111.111.111.111 blacklisted on http://www.example.com due to failed login attempts on following condition:

    Attempts: 5 (max)
    Time for max attempts: 60
    Total attempts made: 5

    Failed Attempts Details (Max 5)
    log => aaaaaa
    pwd => stupid
    Mozilla/5.0 (Windows NT 6.1; WOW64; rv:29.0) Gecko/20100101 Firefox/29.0
    Jul 11, 2015
    ———————————————
    log => aaaaa
    pwd => internet

    etc.

    But now, I am getting ones like this –

    45.79.131.88 blacklisted on http://www.example.com due to failed login attempts on following condition:

    Attempts: 3 (max)
    Time for max attempts: 30
    Total attempts made: 151

    Failed Attempts Details (Max 5)
    –user-agent=Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:39.0) Gecko/20100101 Firefox/39.0
    Nov 12, 2015
    ———————————————
    –user-agent=Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:39.0) Gecko/20100101 Firefox/39.0
    Nov 12, 2015
    ———————————————

    etc.

    Others contain this kind of thing –

    Failed Attempts Details (Max 5)

    \”1.0\”?>
    system.multicall

    methodName
    wp.getCategories
    params

    And what’s especially curious is that I get 100 of them in 1 minutes ALL with the same blacklisted IP.

    Can you tell me what’s up with this?

    https://wordpress.org/plugins/ip-blacklist-cloud/

Viewing 1 replies (of 1 total)
  • Plugin Author Adiie9

    (@ad33lx)

    8 years, 5 months ago

    Hi,

    These are XML brute force attempts and I am not being able to block that attack.
    In new WP version, they have updated security please check and update your WordPress.

    Regards,
    Adeel

Viewing 1 replies (of 1 total)
  • The topic ‘Curious reporting format’ is closed to new replies.