Title: Wp Attack
Last modified: August 30, 2016

---

# Wp Attack

 *  Resolved [scieriro](https://wordpress.org/support/users/scieriro/)
 * (@scieriro)
 * [10 years, 11 months ago](https://wordpress.org/support/topic/wp-attack/)
 * Hello Forum users,
 * For the past days I encounter on one of my Wp site an massive attack. On the 
   logs this shows every 1-2 minutes, every time there is another IP address. So
   far I’ve banned using fail2ban about 1000 IP’s almost all coming from Russia.
   
   The thing is that this attack is some kind of stupid as clearly it has an 404
   on “/-/-/” part, and the wp-login is no longer called this way(renamed with an
   plugin). So the only inconvenient is the bandwidth consumption. Is there any 
   solution to this attack?
 *     ```
       91.204.196.58 - - [26/Jun/2015:13:46:21 +0300] "GET /wp-login.php HTTP/1.1" 301 - "-" "Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0"
       91.204.196.58 - - [26/Jun/2015:13:46:22 +0300] "GET /-/-/-/-/-/-/-/-/-/- HTTP/1.1" 404 14730 "-" "Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0"
       ```
   

Viewing 6 replies - 1 through 6 (of 6 total)

 *  [leejosepho](https://wordpress.org/support/users/leejosepho/)
 * (@leejosepho)
 * [10 years, 11 months ago](https://wordpress.org/support/topic/wp-attack/#post-6270812)
 * There are many ways people approach all of this, and I only know a few. Wordfence
   Security has these throttling options:
 * > If anyone’s requests exceed:
   >  If a crawler’s page views exceed: If a crawler’s
   > pages not found (404s) exceed: If a human’s page views exceed: If a human’s
   > pages not found (404s) exceed: If 404’s for known vulnerable URL’s exceed: 
   > How long is an IP address blocked when it breaks a rule:
 * For actual blocking, Wordfence does that dynamically rather than adding countless
   lines to .htaccess.
 * I also use the NinjaFirewall plugin (stand-alone version for me) to check traffic
   and stop many things from ever even arriving at WordPress.
 *  Thread Starter [scieriro](https://wordpress.org/support/users/scieriro/)
 * (@scieriro)
 * [10 years, 11 months ago](https://wordpress.org/support/topic/wp-attack/#post-6270831)
 * I have Wordfence and installed also NinjaFirewall(which didn’t do anything for
   me). Also Wordfence didn’t make any difference as it lists every requests but
   it can’t differentiate from an normal access.
 *  [Andrew Nevins](https://wordpress.org/support/users/anevins/)
 * (@anevins)
 * WCLDN 2018 Contributor | Volunteer support
 * [10 years, 11 months ago](https://wordpress.org/support/topic/wp-attack/#post-6270832)
 * Have you talked to your hosting providers about this? I don’t think you can prevent
   it at the WordPress level.
 *  Thread Starter [scieriro](https://wordpress.org/support/users/scieriro/)
 * (@scieriro)
 * [10 years, 11 months ago](https://wordpress.org/support/topic/wp-attack/#post-6270843)
 * The attack it seems to be called Slow HTTP DoS Attacks, usually it attacks Apache.
   
   I have my own server, so far I’ve used fail2ban and Iptables, but the banned 
   Ip list is growing faster.
 *  Thread Starter [scieriro](https://wordpress.org/support/users/scieriro/)
 * (@scieriro)
 * [10 years, 11 months ago](https://wordpress.org/support/topic/wp-attack/#post-6270905)
 * Finally solved the issue by passing the job from fail2ban to Iptables, so instead
   to fail2ban send lots of IP’s into the iptables table to be dropped, I’ve done
   the following rules into Iptables, so for now all the requests matching those
   strings will be dropped by the Iptables automatically:
    Also I’ve used an plugin(
   hide login) to change my login page name, so I don’t need to have any references
   to the old wp-login.php.
 *     ```
       iptables -A INPUT -m string --algo bm --string "GET /wp-login.php HTTP/1.1" -j DROP
       iptables -A INPUT -m string --algo bm --string "GET /-/-/-/-/-/-/-/-/-/- HTTP/1.1" -j DROP
       ```
   
 *  Thread Starter [scieriro](https://wordpress.org/support/users/scieriro/)
 * (@scieriro)
 * [10 years, 11 months ago](https://wordpress.org/support/topic/wp-attack/#post-6270906)
 * Request closed.

Viewing 6 replies - 1 through 6 (of 6 total)

The topic ‘Wp Attack’ is closed to new replies.

## Tags

 * [ddos attack](https://wordpress.org/support/topic-tag/ddos-attack/)

 * In: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/)
 * 6 replies
 * 3 participants
 * Last reply from: [scieriro](https://wordpress.org/support/users/scieriro/)
 * Last activity: [10 years, 11 months ago](https://wordpress.org/support/topic/wp-attack/#post-6270906)
 * Status: resolved

## Topics

### Topics with no replies

### Non-support topics

### Resolved topics

### Unresolved topics

### All topics