Support » Plugin: Wordfence Security - Firewall, Malware Scan, and Login Security » How to deal with an attack from intranet?

  • I’ve alerted my host, but I suddenly started getting hit by login attempts from 10.0.0.6 trying dozens of common usernames and passwords with numerous spoofed user agents. I gather this means that either a server in the host’s network has been compromised or that the IP has been forged somehow. Either way, there appears to be no way within Wordfence to block access attempts from 10.0.0.6 due to hard-coded whitelisting overriding my block. I presume it’s doing this in case my own server is 10.0.0.6, in a well-meaning attempt to protect me from borking WP cron jobs etc.? The Advanced Blocking page let me put in a rule, but Wordfence is ignoring it.

    Unfortunately I don’t have SSL or FTP access, so I’m unable to effect a block via .htaccess myself. Any ideas how to stop or slow this attack while waiting on my host’s customer support? It’s hitting hard enough that it’s slowing page loading significantly.

    https://wordpress.org/plugins/wordfence/

Viewing 3 replies - 1 through 3 (of 3 total)
  • I am getting same issue on 10.0.0.206 massive attacks

    Thread Starter Michael

    (@booknibbles)

    Whoops, meant to type 206 in my post above. Mine are from 10.0.0.206 as well.

    I did some checking here, it has worried me all morning, My host suggested making the wpadmin folder password protected effectively creating a double sign in. I have not done this yet as I need to check on the negative side effects but it seems simple enough. Should stop load on the site as well. Looking at WHM I can see that at the apache level there is no IP of that value so wordfence might have to step up on this vulnerability

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘How to deal with an attack from intranet?’ is closed to new replies.