The other day I noticed lots of hits to wp-login.php on my WordPress install. So I moved it to a new filename, and wrote a quick php file that appends the POST data received to a file. Actually, I used a linux “named pipe” so I could then run the command “cat” to print out what was being sent as it came in. I considered capturing all the attempted passwords and ip addresses, they might be useful…. but I lost interest. I got enough joy by just watching the server log fill with 404 responses.
Categories
2 replies on “Botnet Attacks”
Take a look at Login Lockdown or Limit Login Attempts. Both of these can temporarily lockout IP addresses that have excessive failed attempts on the WP-admin.
Interesting. I will look into it.