[wp-hackers] Detecting the present botnet attacks
Tangren, Gerald Vernon
tangren at wsu.edu
Thu Jul 11 21:22:46 UTC 2013
How do some of the methods suggested here the last week or so compare with
an inclusive plug-in such as Better WP Security?
Jerry <tangren at wsu.edu>
WA State University-Tree Fruit Research & Extension Center
509-663-8181 x 231
USDA Cold Hardiness Zone 7a (during the current phase of the Pacific
"It's folks knowing so much that ain't so." - Henry Wheeler Shaw
On 7/11/13 2:12 PM, "Nicolás Badano" <nicobadano at gmail.com> wrote:
>We too have been having quite a headache with the bot attacks recently.
>In our case, what we did was install the wp-fail2ban plugin (no more
>than two lines of code that log unsuccessful login attempts in the
>auth.log file) and configured fail2ban to monitor that logfile with the
>regex included in the plugin. Three failed logins, and we shut down the
>server for that IP (Deny from XX.XXX.XXX.XXX in the main .htaccess). An
>iptables ban would probably accomplish the same thing, or the denyhosts
>action. As we don't have an admin or administrator account, we are
>looking into banning tries using those accounts right away from the
>first try, but I don't have code for that just yet.
>It's less sophisticated than stopping the botnet in its tracks by
>identifying a pattern (that would be GREAT) but it did help contain
>the bot invasion. We are not getting that many failed logins these days.
>I like how Project Honey Pot looks, though: I'll probably give
>it a try, especially if it doesn't hurt performance too much.
>My two cents!
>wp-hackers mailing list
>wp-hackers at lists.automattic.com
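The ban policy described in the quoted message (three failed logins per IP, plus an immediate ban for attempts on the nonexistent admin/administrator accounts), as an added example that is not part of either message and is not wp-fail2ban or fail2ban code. The log line layout, host name, user names and addresses are constructed assumptions.

```python
import re
from collections import defaultdict

# Assumed log line shape (constructed for this example):
#   <syslog prefix> wordpress(<site>)[<pid>]: Authentication failure for <user> from <ip>
# The pattern is anchored at end of line and the user field is greedy, so the
# address always comes from the trailing field and never from username text.
FAILURE = re.compile(
    r"wordpress\([^)]*\)\[\d+\]: Authentication failure for "
    r"(?P<user>.*) from (?P<ip>\d{1,3}(?:\.\d{1,3}){3})$"
)

MAX_RETRY = 3                             # "three failed logins" from the message
TRAP_USERS = {"admin", "administrator"}   # accounts the poster says do not exist

def ips_to_ban(lines, max_retry=MAX_RETRY, trap_users=TRAP_USERS):
    """Return {ip: reason} for every address that crosses one of the two rules."""
    failures = defaultdict(int)
    banned = {}
    for line in lines:
        m = FAILURE.search(line.rstrip())
        if not m:
            continue                      # not a WordPress login failure
        ip, user = m["ip"], m["user"].strip().lower()
        if ip in banned:
            continue
        if user in trap_users:            # ban on the first try
            banned[ip] = f"tried nonexistent account '{user}'"
            continue
        failures[ip] += 1
        if failures[ip] >= max_retry:
            banned[ip] = f"{failures[ip]} failed logins"
    return banned

def htaccess_rules(banned):
    """Render the bans as the .htaccess lines mentioned in the message."""
    return [f"Deny from {ip}" for ip in sorted(banned)]

# Constructed sample log; addresses are from the documentation ranges.
SAMPLE_LOG = """\
Jul 11 14:01:02 web1 wordpress(example.org)[2211]: Authentication failure for editor from 192.0.2.10
Jul 11 14:01:05 web1 wordpress(example.org)[2211]: Authentication failure for editor from 192.0.2.10
Jul 11 14:01:07 web1 sshd[901]: Failed password for root from 192.0.2.10 port 4022 ssh2
Jul 11 14:01:09 web1 wordpress(example.org)[2213]: Authentication failure for admin from 198.51.100.7
Jul 11 14:01:11 web1 wordpress(example.org)[2214]: Authentication failure for jerry from 203.0.113.5
Jul 11 14:01:15 web1 wordpress(example.org)[2215]: Authentication failure for editor from 192.0.2.10
""".splitlines()

if __name__ == "__main__":
    print("\n".join(htaccess_rules(ips_to_ban(SAMPLE_LOG))))
```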