Support » Plugin: Cerber Security, Antispam & Malware Scan » Unusual Attack Profile Needing Help

  • Resolved lostpine

    (@lostpine)


    I have a site that I am webmaster for that is used by local law enforcement in Central Florida. While there is nothing confidential or private on the site, I have been using Cerber Plugin – Free Version with wonderful results. However, 2 days ago, the site began receiving regular attempts to log in using the default WordPress ID, admin. The attempts are successfully blocked. They come about 6 minutes apart and total around 700+ per day. Totals now exceeding 2,000. What is unusual is that every attempt is with a new IP address. The plugin stats show it comes from Malaysia:

    FILTERED WHOIS INFO
    inetnum 175.144.0.0 – 175.144.255.255
    netname ADSL-STREAMYX
    descr TMNST
    country Malaysia (MY)
    admin-c TIA7-AP
    tech-c TIA7-AP
    status ALLOCATED NON-PORTABLE
    mnt-by TM-NET-AP
    mnt-lower MAINT-AP-STREAMYX
    mnt-routes MAINT-AP-STREAMYX
    mnt-irt IRT-TMNST-MY
    notify tmcops@tm.net.my

    last-modified 2014-02-11T04:58:41Z
    source APNIC
    irt IRT-TMNST-MY
    address Jalan Pantai Baru, Kuala Lumpur.
    e-mail abuse@tm.com.my

    abuse-mailbox abuse@tm.com.my

    auth # Filtered
    person EMRAN AHMED KAMAL
    nic-hdl EAK2-AP
    phone +6-03-83185434
    fax-no +6-03-22402126

    Each WHOIS retrieval shows a new IP address but the same data on the network. There does not appear to be any way to stop it other than relying on Cerber to do the initial block during the login attempt. Does anyone have advice? Is this a serious concern? The site is http://cfcpa.org/

    Bob Samson

Viewing 3 replies - 1 through 3 (of 3 total)
Viewing 3 replies - 1 through 3 (of 3 total)
  • You must be logged in to reply to this topic.