Entries in Log Question

Hi, Im seeing a lot of the below messages in my access log: [30/Aug/2018:14:15:54 -0400] "GET /wp-login.php HTTP/1.1" 200 8093 "-" "python-requests/2.18.4" [30/Aug/2018:14:15:56 -0400] "GET /wp-login.php HTTP/1.1" 200 8094 "-" "python-requests/2.18.4" [30/Aug/2018:14:16:00 -0400] "POST /wp-login.php HTTP/1.1" 503 21325 "-" "python-requests/2.18.4" [30/Aug/2018:14:16:01 -0400] "POST /wp-login.php HTTP/1.1" 503 21325 "-" "python-requests/2.18.4" [30/Aug/2018:14:16:05 -0400] "GET / HTTP/1.0" 200 42233 "-" "Wget/1.11.4 Red Hat modified" [30/Aug/2018:14:16:19 -0400] "GET / HTTP/1.1" 200 42233 "-" "Chrome/50.0.2661.102 Safari/537.36" [30/Aug/2018:14:16:30 -0400] "GET /wp-login.php HTTP/1.1" 200 8093 "-" "python-requests/2.18.4" [30/Aug/2018:14:16:33 -0400] "GET /wp-login.php HTTP/1.1" 200 8093 "-" "python-requests/2.18.4" [30/Aug/2018:14:16:34 -0400] "GET /wp-login.php HTTP/1.1" 200 8094 "-" "python-requests/2.18.4" [30/Aug/2018:14:16:33 -0400] "GET /wp-login.php HTTP/1.1" 503 21183 "-" "python-requests/2.18.4" [30/Aug/2018:14:16:32 -0400] "POST /wp-login.php HTTP/1.1" 503 21325 "-" "python-requests/2.18.4" [30/Aug/2018:14:16:38 -0400] "POST /wp-login.php HTTP/1.1" 503 21325 "-" "python-requests/2.18.4" [30/Aug/2018:14:16:41 -0400] "POST /wp-login.php HTTP/1.1" 200 7700 "-" "python-requests/2.18.4" [30/Aug/2018:14:20:20 -0400] "GET /wp-login.php HTTP/1.1" 200 8094 "-" "python-requests/2.18.4" [30/Aug/2018:14:20:22 -0400] "GET /wp-login.php HTTP/1.1" 200 8094 "-" "python-requests/2.18.4" [30/Aug/2018:14:20:28 -0400] "POST /wp-login.php HTTP/1.1" 200 7699 "-" "python-requests/2.18.4" [30/Aug/2018:14:20:27 -0400] "POST /wp-login.php HTTP/1.1" 503 21325 "-" "python-requests/2.18.4" [30/Aug/2018:14:20:28 -0400] "GET /wp-login.php HTTP/1.1" 200 8094 "-" "python-requests/2.18.4" [30/Aug/2018:14:20:34 -0400] "POST /wp-login.php HTTP/1.1" 200 6973 "-" "python-requests/2.18.4" [30/Aug/2018:14:20:34 -0400] "POST /wp-login.php HTTP/1.1" 200 7700 "-" "python-requests/2.18.4" [30/Aug/2018:14:20:34 -0400] "POST /wp-login.php HTTP/1.1" 200 6974 "-" "python-requests/2.18.4" [30/Aug/2018:14:20:22 -0400] "GET /wp-login.php HTTP/1.1" 200 8093 "-" "python-requests/2.18.4" [30/Aug/2018:14:20:41 -0400] "GET /wp-login.php HTTP/1.1" 200 8093 "-" "python-requests/2.18.4" [30/Aug/2018:14:20:44 -0400] "POST /wp-login.php HTTP/1.1" 200 7701 "-" "python-requests/2.18.4" ------------------------------------ The server gets high load within seconds and crashes within few minutes. the attempt is from different IPs, so I can not block IP How can I fix this, any help would be appreciated! OS: Centos5.11 cpanel : cPanel [11.54] (pro,attracta)

sysnishit

August 30, 2018 21:10

Hello, It seems brute force attack on your wordpress site. There are many plugin which can protect your site from such attack like "Loginizer". Another option is password protect directory. You can use .htaccess rule to password protect wp-login.php url. Refer this url for more information. Remove spaces from url. https :// codex .wordpress. org/ Brute_Force_Attacks

cPanelMichael

August 31, 2018 17:27

Hello, You may also find the following thread helpful:

Entries in Log Question

Comments

Didn't find what you were looking for?