[wp-hackers] Detecting the present botnet attacks
nicobadano at gmail.com
Thu Jul 11 21:12:04 UTC 2013
We too have been having quite a headache with the bot attacks recently.
In our case, what we did was installing the wp-fail2ban plugin (no more
than two lines of code that log unsuccessful login attempts in the
auth.log file) and configured fail2ban to monitor that logfile with the
regex included in the plugin. Three failed logins, and we shut down the
server for that IP (Deny from XX.XXX.XXX.XXX in the main .htaccess). An
iptables ban would probably accomplish the same thing, or the denyhosts
action. As we don't have an admin or administrator account, we are
looking into banning tries using those accounts right away from the
first try, but I don't have code for that just yet.
It's less sophisticated than stopping the botnet on its tracks by
identifying a pattern (that would be GREAT) but it did help containing
the bot invasion. We are not getting that many failed logins these days.
I like how the Project Honey Pot looks like though: I'll probably give
it a try, specially if it doesn't hurt performance too much.
My two cents!
More information about the wp-hackers