Brute Force Invalid Logon

  • starshipuk

    (@starshipuk)


    7 years, 6 months ago

    I have a site which is getting constant Brute Force Invalid Login errors in the logs from different IP addresses all over the world. How do I stop this happening?

    As an example, most are identical apart from different IP addresses:

    Module Brute Force
    Type Notice
    Description Invalid Login
    Timestamp 2018-12-13 12:11:22
    Host 145.17.133.54
    User
    URL http://mail.DOMAINNAMEREMOVED.com//xmlrpc.php
    Login Source XMLRPC Authentication
    Raw Details

    Show Raw Details

    id => 737
    module => brute_force
    type => notice
    code => invalid-login
    timestamp => 2018-12-13 12:11:22
    init_timestamp => 2018-12-13 12:11:21
    remote_ip => 145.17.133.54
    user_id => [empty string]
    url => http://mail.DOMAINNAMEREMOVED.com//xmlrpc.php
    memory_current => 17601832
    memory_peak => 18585936
    data => Array
    details => Array
    source => xmlrpc
    authentication_types => Array
    0 => username_and_password
    user => Object WP_Error
    errors => Array
    invalid_username => Array
    0 => ERROR: Invalid username. Lost your password?
    error_data => Array()
    username => steve
    user_id => [boolean] false
    SERVER => Array
    SERVER_SOFTWARE => LiteSpeed
    REQUEST_URI => //xmlrpc.php
    PATH => /bin:/usr/bin:/usr/local/bin
    HTTP_ACCEPT => */*
    HTTP_ACCEPT_ENCODING => gzip, deflate
    CONTENT_LENGTH => 194
    HTTP_HOST => mail.DOMAINNAMEREMOVED.com
    HTTP_REFERER => http://www.google.com.hk
    HTTP_USER_AGENT => Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.90 Safari/537.36
    HTTP_X_FORWARDED_FOR => 145.17.133.54
    DOCUMENT_ROOT => /home/FOLDERNAMEREMOVED/DOMAINNAMEREMOVED.com
    REMOTE_ADDR => 145.17.133.54
    REMOTE_PORT => 46570
    SERVER_ADDR => 77.72.4.98
    SERVER_NAME => mail.DOMAINNAMEREMOVED.com
    SERVER_ADMIN => [email protected]
    SERVER_PORT => 80
    PROXY_REMOTE_ADDR => 111.118.150.193
    SCRIPT_FILENAME => /home/FOLDERNAMEREMOVED/DOMAINNAMEREMOVED.com/xmlrpc.php
    QUERY_STRING => [empty string]
    SCRIPT_URI => http://mail.DOMAINNAMEREMOVED.com/xmlrpc.php
    SCRIPT_URL => /xmlrpc.php
    SCRIPT_NAME => /xmlrpc.php
    SERVER_PROTOCOL => HTTP/1.1
    REQUEST_METHOD => POST
    X-LSCACHE => on
    PHP_SELF => /xmlrpc.php
    REQUEST_TIME_FLOAT => 1544703081.7144
    REQUEST_TIME => 1544703081

The topic ‘Brute Force Invalid Logon’ is closed to new replies.