• Resolved ZooL

    (@zool)


    First of all thank you for a great plugin!

    I’d like to ask a question about something that strikes me as a strange behavior:

    Even though I have changed the Login URL, I ‘m still getting brute force attacks, attempting to login with various usernames. They all result to banned IPs, of course; but isn’t this strange? How do these bad guys get to this point?

    Thanks!

    Christos

    https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/

Viewing 10 replies - 1 through 10 (of 10 total)
  • Plugin Contributor mbrsolution

    (@mbrsolution)

    Hi Christos, can you check to see if you have the following enabled Enable Pingback Protection: under Firewall -> Basic Firewall Rules?

    Thread Starter ZooL

    (@zool)

    Hi, thank you for your prompt answer. Yes, Pingback Protection is enabled.

    Perhaps I should add at this point that my website is hosted on a Windows environment (IIS 7.5 & Plesk 11); I don’t know if this makes any difference.

    Plugin Contributor wpsolutions

    (@wpsolutions)

    Using a browser type the URL path to the root wordpress location of your site and add “xmlrpc.php” at the end, eg,
    yoursite.com/xmlrpc.php

    What do you see when you do the above?

    Thread Starter ZooL

    (@zool)

    I get this txt response:

    XML-RPC server accepts POST requests only.

    Plugin Contributor mbrsolution

    (@mbrsolution)

    Hi @zool, you should be getting the following

    403 Permission Denied
    You do not have permission for this request /xmlrpc.php.

    Can you check your .htaccess file and let us know if you see the following rule.

    #AIOWPS_PINGBACK_HTACCESS_RULES_START
    <Files xmlrpc.php>
    order deny,allow
    deny from all
    </Files>
    #AIOWPS_PINGBACK_HTACCESS_RULES_END

    Regards

    Thread Starter ZooL

    (@zool)

    Hi,

    As I mentioned earlier, my site is hosted on IIS (Windows). So, unfortunately, there’s no .htaccess file πŸ™

    There is however a web.config file that’s been used in the Windows platform, which substitutes part of the .htaccess functionality. (Some info can be found here: http://www.saotn.org/convert-apache-htaccess-iis-web-config/)

    Could you possibly offer some assistance with that?

    Thank you!

    Plugin Contributor wpsolutions

    (@wpsolutions)

    Some googling revealed the following code you could possibly try:

    <security>
      <requestFiltering>
        <denyUrlSequences>
          <add sequence="xmlrpc.php" />
        </denyUrlSequences>
      </requestFiltering>
    </security>

    The above should be the IIS equivalent to the apache .htaccess rules for denying access to xmlrpc.php.

    Thread Starter ZooL

    (@zool)

    Thank you, it seems to be working:

    The resource you are looking for has been removed, had its name changed, or is temporarily unavailable.

    So, does this resolve the issue? Should I change the login url to something new?

    Plugin Contributor mbrsolution

    (@mbrsolution)

    @zool, that is good news πŸ™‚ Yes that does resolve your issue.

    You can change the Login URL if you want. Keep an eye out and see if your attacks have been reduced or stopped.

    You can close this support thread if you like. If you have any other issues in the future open up a new support thread.

    Kind regards

    Thread Starter ZooL

    (@zool)

    That did it, thank you!

    Attacks have now stopped, issue is resolved!

    Best regards,

    Christos

Viewing 10 replies - 1 through 10 (of 10 total)

The topic ‘Brute force attacks on changed login URL?’ is closed to new replies.