brutal force attack ‘POST /wp-login.php’
-
I noticed that there is brutal force attack using POST to access /wp-login.php on my site, it shows on var/log/nginx/access.log as well as /var/log/nginx/error.log, wp-fail2ban however doesn’t seems to ban this activity. What do I need to setup (I guess a regex add somewhere to existing one) to address this?
xx.xxx.xx.xxx - - [01/Jan/2017:10:54:37 +0800] "POST /wp-login.php HTTP/1.1" 200 3368 "https://mywebsite.com/wp-login.php" "Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; 125LA; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022)" xx.xxx.xx.xxx - - [01/Jan/2017:10:54:38 +0800] "POST /wp-login.php HTTP/1.1" 200 3368 "https://mywebsite.com/wp-login.php" "Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; 125LA; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022)"
- The topic ‘brutal force attack ‘POST /wp-login.php’’ is closed to new replies.
