• How should I consider repeated (many) requests for my login.php page by one (foreign) ip address?

    Could this be just an innocent bot, or might it be a hacking attempt?

    What would be a means of preventing this?

    Thanks!

Viewing 9 replies - 1 through 9 (of 9 total)
  • It sounds like a hacking attempt, especially if the IP is Russian or Chinese. Have you tried looking the URL up on Google to see if it’s a well-known spammer?

    /peter

    Thread Starter MikeHarrison

    (@mikeharrison)

    Thanks, Peter.

    This has happened twice. On this most recent incident (yesterday), I found the IP address to be apparently located in Thailand. My site stats tell me there are several referrals every day from Russia and China, but yesterday’s incident – requests specifically for the login page – was made many, many times.

    I’m using the plugin ‘Limit Login Attempts,’ but it hasn’t shown any actual lock-outs, so I guess what I’m seeing is just repeated accesses to the login page itself.

    In the interim, I’ve denied access by this IP address to the entire site with my htaccess file.

    Is there anything else/more I should be doing?

    Thanks!

    You can use Login LockDown; it locks the IP after a number of attempts (the default is set to 3 in 5 mins).

    Locking the ip out using htaccess is a good idea.

    There are always a few of these. When I worked for a large financial firm, our site was written in Symfony and we got attempts at wp_login.php all the time, even though we didn’t have a file by that name.

    /peter

    even though we didn’t have a file by that name

    …interesting thought!

    I meant wp-login.php, but we didn’t have wp* in the system as it wasn’t WordPress. The hackers tried a lot of likely names; phpinfo.php was another favourite.

    /peter

    Thread Starter MikeHarrison

    (@mikeharrison)

    @govpatel: Thank you! I just checked your suggested plugin, but I found it is apparently compatible only up to WP v2.84 (I’m at 3.1.4).

    And, again, the IP address in question has only accessed the login page (numerous times), but they apparently have not yet attempted to log in.

    I’m willing to bet that – by now – the would-be hacker would have attempted to access using a different IP address. I won’t know until I receive my site stats tomorrow morning.

    Thanks everyone. Your help is very much appreciated!

    I am using the plugin on Version 3.3.1

    Try https://www.ads-software.com/extend/plugins/limit-login-attempts/ That will stop multiple hits from any IP.

  • The topic ‘Excessive requests for login.php by one ip address’ is closed to new replies.
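
An added example, not part of the original thread: one way to check from the web server's access log whether an IP is only fetching the login page (GET) or actually submitting the login form (POST), which is the distinction behind a lockout plugin showing no lock-outs. It assumes Apache "combined" log format; the function names, the threshold of 5 and the sample lines (documentation IP ranges) are constructed for illustration.

```python
import re
from collections import Counter, defaultdict

def _line(ip, method, path, status=200):
    # Build one constructed log line in Apache "combined" format.
    return (f'{ip} - - [01/Jan/2024:04:12:01 +0000] '
            f'"{method} {path} HTTP/1.1" {status} 2345 "-" "-"')

# Constructed sample log: not taken from the thread.
SAMPLE_LOG = "\n".join(
    [_line("203.0.113.7", "GET", "/wp-login.php")] * 6
    + [_line("198.51.100.9", "POST", "/wp-login.php")] * 5
    + [_line("192.0.2.10", "GET", "/wp-login.php?redirect_to=%2Fwp-admin%2F")]
    + [_line("203.0.113.7", "GET", "/index.php")]
    + ["this line is malformed and must be skipped"]
)

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')
LOGIN_PATHS = ("/wp-login.php", "/login.php")

def summarize(log_text):
    """Return {ip: Counter of HTTP methods} for requests to a login page."""
    hits = defaultdict(Counter)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # ignore lines that are not in the expected format
        ip, method, target, _status = m.groups()
        path = target.split("?", 1)[0]  # drop the query string
        if path.endswith(LOGIN_PATHS):
            hits[ip][method] += 1
    return hits

def classify(hits, threshold=5):
    """Label IPs with at least `threshold` login-page requests."""
    report = {}
    for ip, methods in hits.items():
        if sum(methods.values()) < threshold:
            continue  # below the threshold: ordinary traffic
        # A POST means the form was submitted; GET-only means page fetches.
        report[ip] = "login-attempts" if methods["POST"] else "page-fetch-only"
    return report

if __name__ == "__main__":
    for ip, label in classify(summarize(SAMPLE_LOG)).items():
        print(ip, label)
```

An IP labelled page-fetch-only matches what the thread starter describes; one labelled login-attempts is what a lockout plugin would be expected to count.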