1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Somebody is tryig to hack my site

Discussion in 'BlackHat Lounge' started by Mobrich24, Jun 14, 2016.

  1. Mobrich24

    Mobrich24 Junior Member

    Joined:
    Jun 3, 2016
    Messages:
    134
    Likes Received:
    24
    Occupation:
    Capo
    Location:
    Poker Room
    16 failed login attempts (4 lockout(s)) from IP: 91.210.147.25

    Last user attempted: admin

    IP was blocked for 24 hours

    I've had this email quite a few times lately anyone know What's going on?
     
  2. Mobrich24

    Mobrich24 Junior Member

    Joined:
    Jun 3, 2016
    Messages:
    134
    Likes Received:
    24
    Occupation:
    Capo
    Location:
    Poker Room
    To the top this seems pretty serious. Has anyone else had this problem with Wordpress?
     
  3. nycdude

    nycdude Regular Member

    Joined:
    Oct 1, 2009
    Messages:
    485
    Likes Received:
    562
    Location:
    Mazatlán
    Are you getting those emails from Wordfence or some other security plugin? If so don't panic, because it's doing it's job and letting you know it is. I get dozens of these emails from Wordfence, I have it set to block many other kinds of attacks.
     
  4. StormLand

    StormLand Newbie

    Joined:
    Jun 19, 2016
    Messages:
    33
    Likes Received:
    3
    Gender:
    Male
    Install some wordpress security now
     
  5. Mobrich24

    Mobrich24 Junior Member

    Joined:
    Jun 3, 2016
    Messages:
    134
    Likes Received:
    24
    Occupation:
    Capo
    Location:
    Poker Room
    I'm not using any security its from Wordpress because whomever tried to login to my site failed a bunch of times. Do you suggest wordfence?
     
  6. The Doctor

    The Doctor Jr. VIP Jr. VIP

    Joined:
    Dec 18, 2010
    Messages:
    899
    Likes Received:
    262
    Occupation:
    Computer Scientist, Engineer, Programmer.
    Location:
    ☆☆☆☆☆☆
    Home Page:
    As long as you have a strong password you shouldn't worry about login attempts.
     
  7. Phenomix

    Phenomix Regular Member

    Joined:
    Sep 21, 2014
    Messages:
    477
    Likes Received:
    189
    Gender:
    Male
    Location:
    Australia
    I get these all the time. Install Wordfence and Google the best configuration settings so that you can ban and lock out the offending IP's.
     
  8. Bleght

    Bleght BANNED BANNED

    Joined:
    Feb 18, 2016
    Messages:
    548
    Likes Received:
    170
    If you changed your username and have a strong password, they will not be able to bruteforce it like that, but you should ban the IP anyway.
     
  9. The Doctor

    The Doctor Jr. VIP Jr. VIP

    Joined:
    Dec 18, 2010
    Messages:
    899
    Likes Received:
    262
    Occupation:
    Computer Scientist, Engineer, Programmer.
    Location:
    ☆☆☆☆☆☆
    Home Page:
    technically, a 2 factor authentication plugin should be the advised course of action.
     
  10. Moabaer

    Moabaer Junior Member

    Joined:
    Sep 28, 2010
    Messages:
    101
    Likes Received:
    13
    I am having the same problem at the moment. Don't worry about it. It seems you are using wordfence just like I do, just set the time banned to 30 days. If you lock yourself out for some reason, you can simply send yourself an email to unlock yourself again, so make sure your email system is working properly.

    And change the name to something other than Admin and check the option that anybody who tries to login with a username that does not exist will instantly get blocked. Most attacks will be on Admin, but if you don't have an Admin account they will instantly be locked out. That's how I do it and even with a huge ton of proxies there is almost no way to brute force the password
     
  11. xbryan

    xbryan Senior Member

    Joined:
    Jul 12, 2015
    Messages:
    883
    Likes Received:
    211
    boot his ip
     
  12. Zwielicht

    Zwielicht Moderator Staff Member Moderator Jr. VIP

    Joined:
    Aug 31, 2013
    Messages:
    6,629
    Likes Received:
    11,764
    Gender:
    Male
    Occupation:
    Private Investigator
    Location:
    Riverside, California
    Home Page:
    I just use this plugin: https://wordpress.org/plugins/rename-wp-login/

    Some saavy hackers can still get to your wp-login page even after you rename it, but most of them will have trouble.

    Edit: I'm actually looking into this Google Authenticator plugin. I use it for BHW and a few other sites, so maybe it's also worth looking into for you as well. I think Wordfence also has a similar feature in their plugin.
     
    Last edited: Jun 20, 2016
  13. socialsmartm

    socialsmartm BANNED BANNED

    Joined:
    Nov 6, 2014
    Messages:
    94
    Likes Received:
    7
    Gender:
    Male
    i had the same problem, but don't worry until is shown like an attempt, if someone get access you won't get any notification.Also, install wordfence
     
  14. TonyMorning

    TonyMorning Newbie

    Joined:
    Jun 20, 2016
    Messages:
    22
    Likes Received:
    0
    Gender:
    Male
    install wordfence is a good choice