mrpowerup
Forum Replies Created
-
I’m getting a ‘500 Internal Server Error’ message after adding those two rules to the .htaccess.
I just had a friend test the ‘Immediately block IPs that access these URLs’ option by accessing the /wp-login.php file. He just got a 404 error and he’s free to continue using the site.
Not sure if this should happen.
PS. I’ve added the following rules to .htaccess:

<Files wp-login.php>
order allow,deny
deny from all
</Files>

<Files xmlrpc.php>
order allow,deny
deny from all
</Files>
-
Thank you guys for your answers.
I’m using a plugin called ‘Rename wp-login.php’ to change it. I have access to FTP in case something goes wrong.
I’ll contact my server’s support as fast as possible.
Is there any guide you could refer me to, so I can properly do what you said? Should I just block everyone from it like this, for example?

<Files wp-login.php>
order allow,deny
deny from all
</Files>
-
Sorry for the misunderstanding. Everyone is banned instantly, they just keep coming with different IPs.
The photo was taken before I started blocking everyone accessing those two pages.
-
Thanks bluebearmedia, I’ve changed the login page and I block everyone that’s visiting ‘/wp-login.php’ or ‘/xmlrpc.php’. They don’t seem to be able to do anything for now, but on Live Traffic I can see that they keep coming.
Any idea why they’re visiting first ‘/xmlrpc.php’ and then ‘/wp-login.php’?
I took this photo earlier in the morning. Since then I’ve been blocking everyone visiting those two pages.
I’ve tried to block them for about an hour; it’s pointless. Their IPs are different and they don’t seem to have an end.
The thing that got my attention is that they’re just visiting the /wp-login.php file, non-stop for about 6-7 hours now. They don’t try to log in (at least I can’t see them doing so), just visiting the login page. Someone tried to get in, but only 11 times (by putting in different usernames/passwords; he even tried the password reset method on some of them).
I found this article, and it says that it is possible for someone to abuse the system.multicall method from XML-RPC and try multiple passwords at once (xmlrpc.php is the first file they’re visiting before visiting wp-login.php, as I can see in Live Traffic).
https://blog.sucuri.net/2015/10/brute-force-amplification-attacks-against-wordpress-xmlrpc.html
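As an added example (not part of mrpowerup's posts or of any plugin discussed here), a small log-triage script that looks for the pattern described in this post in Apache "combined" access-log lines: the same client requesting /xmlrpc.php and then /wp-login.php, and how many distinct source IPs hit each path, which is what decides whether per-IP blocking can work. The log lines are constructed samples.

```python
import re
from collections import defaultdict

# Constructed sample lines in Apache "combined" format (not real traffic).
SAMPLE_LOG = """\
198.51.100.10 - - [10/Nov/2015:08:01:02 +0000] "POST /xmlrpc.php HTTP/1.1" 200 412 "-" "Mozilla/5.0"
198.51.100.10 - - [10/Nov/2015:08:01:03 +0000] "GET /wp-login.php HTTP/1.1" 200 2345 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Nov/2015:08:01:05 +0000] "POST /xmlrpc.php HTTP/1.1" 200 412 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Nov/2015:08:01:06 +0000] "GET /wp-login.php HTTP/1.1" 200 2345 "-" "Mozilla/5.0"
192.0.2.44 - - [10/Nov/2015:08:02:00 +0000] "GET /wp-login.php HTTP/1.1" 200 2345 "-" "Mozilla/5.0"
192.0.2.45 - - [10/Nov/2015:08:02:10 +0000] "GET /index.php HTTP/1.1" 200 9000 "-" "Mozilla/5.0"
"""

# ip, two ident/user fields, [timestamp], "METHOD path proto", status
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)
WATCHED = ("/xmlrpc.php", "/wp-login.php")


def parse(log_text):
    """Yield (ip, method, path, status) for every line the regex matches."""
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if m:
            yield m["ip"], m["method"], m["path"].split("?")[0], int(m["status"])


def triage(log_text):
    """Distinct IPs per watched path, plus IPs that hit /xmlrpc.php
    before /wp-login.php (the ordering seen in Live Traffic above)."""
    ips_per_path = defaultdict(set)
    first_seen = defaultdict(dict)  # ip -> {path: position of first hit}
    for seq, (ip, _method, path, _status) in enumerate(parse(log_text)):
        if path in WATCHED:
            ips_per_path[path].add(ip)
            first_seen[ip].setdefault(path, seq)
    chained = sorted(
        ip for ip, seen in first_seen.items()
        if "/xmlrpc.php" in seen and "/wp-login.php" in seen
        and seen["/xmlrpc.php"] < seen["/wp-login.php"]
    )
    return {
        "distinct_ips": {p: len(ips_per_path[p]) for p in WATCHED},
        "xmlrpc_then_login": chained,
    }


if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

A high distinct-IP count on /wp-login.php with few repeats per address is the signature of the rotating-IP traffic described in the post, where blocking addresses one at a time does not help.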