supposedly brute force through xmlrpc.php
Hi,
We receive many site locked out emails. Apparently this is because of bf attacks from different IP addresses but with the correct admin account (not default).
Examples:
our_site.nl.log:101.127.50.76 - - [20/Jul/2015:15:49:26 +0200] "POST /xmlrpc.php HTTP/1.1" 403 2381 "-" "-"
our_site.nl.log:197.0.88.86 - - [20/Jul/2015:16:03:19 +0200] "POST /xmlrpc.php HTTP/1.1" 403 2381 "-" "-"
our_site.nl.log:83.11.169.3 - - [20/Jul/2015:16:09:36 +0200] "POST /xmlrpc.php HTTP/1.1" 200 816 "-" "-"
our_site.nl.log:121.54.32.148 - - [20/Jul/2015:16:18:35 +0200] "POST /xmlrpc.php HTTP/1.1" 200 800 "-" "-"
our_site.nl.log:79.114.48.115 - - [20/Jul/2015:16:20:33 +0200] "POST /xmlrpc.php HTTP/1.1" 200 824 "-" "-"

Any suggestions other than protection from webserver software?
Tnx!
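
Added example, not part of the original post: a small triage script that parses access-log lines of the shape quoted above and summarizes POSTs to /xmlrpc.php by source address and status code. The sample lines are constructed (documentation IP ranges), and the `.log:` grep prefix and the `min_ips` / `max_per_ip` thresholds are assumptions.

```python
import re
from collections import Counter

# Forum software often turns ASCII quotes and hyphens into typographic ones.
TYPOGRAPHIC = str.maketrans({"“": '"', "”": '"', "–": "-"})

# Optional grep-style "file.log:" prefix (assumption), then combined log format.
LINE_RE = re.compile(
    r'^(?:[^\s:]+\.log:)?(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

# Constructed sample lines (documentation IP ranges), same shape as the post's.
SAMPLE = [
    'our_site.nl.log:192.0.2.10 - - [20/Jul/2015:15:49:26 +0200] "POST /xmlrpc.php HTTP/1.1" 403 2381 "-" "-"',
    'our_site.nl.log:198.51.100.7 - - [20/Jul/2015:16:03:19 +0200] "POST /xmlrpc.php HTTP/1.1" 403 2381 "-" "-"',
    'our_site.nl.log:203.0.113.5 – – [20/Jul/2015:16:09:36 +0200] “POST /xmlrpc.php HTTP/1.1” 200 816 “-” “-“',
    'our_site.nl.log:203.0.113.9 - - [20/Jul/2015:16:18:35 +0200] "POST /xmlrpc.php HTTP/1.1" 200 800 "-" "-"',
    'our_site.nl.log:192.0.2.44 - - [20/Jul/2015:16:20:33 +0200] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
]

def parse(lines):
    """Yield a dict of fields for every line that matches the log format."""
    for raw in lines:
        m = LINE_RE.match(raw.translate(TYPOGRAPHIC).strip())
        if m:
            yield m.groupdict()

def summarize(lines, path="/xmlrpc.php", min_ips=3, max_per_ip=2):
    """Summarize POSTs to `path`; the thresholds are illustrative assumptions."""
    hits = [e for e in parse(lines)
            if e["method"] == "POST" and e["path"].split("?")[0] == path]
    per_ip = Counter(e["ip"] for e in hits)
    busiest = max(per_ip.values(), default=0)
    return {
        "posts": len(hits),
        "distinct_ips": len(per_ip),
        "by_status": dict(Counter(e["status"] for e in hits)),
        # Many sources, few requests each: per-IP limits see little to act on.
        "distributed": len(per_ip) >= min_ips and busiest <= max_per_ip,
        # Not answered with 403. A 200 only shows the request was processed;
        # XML-RPC reports a failed login inside the response body.
        "not_blocked": sorted({e["ip"] for e in hits if e["status"] != "403"}),
    }

if __name__ == "__main__":
    print(summarize(SAMPLE))
```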