Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Entries in Log Question

Discussion in 'Security' started by NOC SZ, Aug 30, 2018.

  1. NOC SZ

    NOC SZ Member

    Joined:
    Sep 13, 2017
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Dubai
    cPanel Access Level:
    Root Administrator
    Hi,

    Im seeing a lot of the below messages in my access log:

    [30/Aug/2018:14:15:54 -0400] "GET /wp-login.php HTTP/1.1" 200 8093 "-" "python-requests/2.18.4"
    [30/Aug/2018:14:15:56 -0400] "GET /wp-login.php HTTP/1.1" 200 8094 "-" "python-requests/2.18.4"
    [30/Aug/2018:14:16:00 -0400] "POST /wp-login.php HTTP/1.1" 503 21325 "-" "python-requests/2.18.4"
    [30/Aug/2018:14:16:01 -0400] "POST /wp-login.php HTTP/1.1" 503 21325 "-" "python-requests/2.18.4"
    [30/Aug/2018:14:16:05 -0400] "GET / HTTP/1.0" 200 42233 "-" "Wget/1.11.4 Red Hat modified"
    [30/Aug/2018:14:16:19 -0400] "GET / HTTP/1.1" 200 42233 "-" "Chrome/50.0.2661.102 Safari/537.36"
    [30/Aug/2018:14:16:30 -0400] "GET /wp-login.php HTTP/1.1" 200 8093 "-" "python-requests/2.18.4"
    [30/Aug/2018:14:16:33 -0400] "GET /wp-login.php HTTP/1.1" 200 8093 "-" "python-requests/2.18.4"
    [30/Aug/2018:14:16:34 -0400] "GET /wp-login.php HTTP/1.1" 200 8094 "-" "python-requests/2.18.4"
    [30/Aug/2018:14:16:33 -0400] "GET /wp-login.php HTTP/1.1" 503 21183 "-" "python-requests/2.18.4"
    [30/Aug/2018:14:16:32 -0400] "POST /wp-login.php HTTP/1.1" 503 21325 "-" "python-requests/2.18.4"
    [30/Aug/2018:14:16:38 -0400] "POST /wp-login.php HTTP/1.1" 503 21325 "-" "python-requests/2.18.4"
    [30/Aug/2018:14:16:41 -0400] "POST /wp-login.php HTTP/1.1" 200 7700 "-" "python-requests/2.18.4"
    [30/Aug/2018:14:20:20 -0400] "GET /wp-login.php HTTP/1.1" 200 8094 "-" "python-requests/2.18.4"
    [30/Aug/2018:14:20:22 -0400] "GET /wp-login.php HTTP/1.1" 200 8094 "-" "python-requests/2.18.4"
    [30/Aug/2018:14:20:28 -0400] "POST /wp-login.php HTTP/1.1" 200 7699 "-" "python-requests/2.18.4"
    [30/Aug/2018:14:20:27 -0400] "POST /wp-login.php HTTP/1.1" 503 21325 "-" "python-requests/2.18.4"
    [30/Aug/2018:14:20:28 -0400] "GET /wp-login.php HTTP/1.1" 200 8094 "-" "python-requests/2.18.4"
    [30/Aug/2018:14:20:34 -0400] "POST /wp-login.php HTTP/1.1" 200 6973 "-" "python-requests/2.18.4"
    [30/Aug/2018:14:20:34 -0400] "POST /wp-login.php HTTP/1.1" 200 7700 "-" "python-requests/2.18.4"
    [30/Aug/2018:14:20:34 -0400] "POST /wp-login.php HTTP/1.1" 200 6974 "-" "python-requests/2.18.4"
    [30/Aug/2018:14:20:22 -0400] "GET /wp-login.php HTTP/1.1" 200 8093 "-" "python-requests/2.18.4"
    [30/Aug/2018:14:20:41 -0400] "GET /wp-login.php HTTP/1.1" 200 8093 "-" "python-requests/2.18.4"
    [30/Aug/2018:14:20:44 -0400] "POST /wp-login.php HTTP/1.1" 200 7701 "-" "python-requests/2.18.4"


    ------------------------------------
    The server gets high load within seconds and crashes within few minutes.
    the attempt is from different IPs , so I can not block IP

    How can I fix this, any help would be appreciated!


    OS: Centos5.11
    cpanel : cPanel [11.54] (pro,attracta)
     
  2. sysnishit

    sysnishit Active Member

    Joined:
    Aug 13, 2018
    Messages:
    25
    Likes Received:
    3
    Trophy Points:
    3
    Location:
    Internet
    cPanel Access Level:
    Root Administrator
    Hello,

    It seems brute force attack on your wordpress site. There are many plugin which can protect your site from such attack like "Loginizer". Another option is password protect directory. You can use .htaccess rule to password protect wp-login.php url.
    Refer this url for more information. Remove spaces from url.
    https :// codex .wordpress. org/ Brute_Force_Attacks
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. cPanelMichael

    cPanelMichael Technical Support Community Manager Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    47,009
    Likes Received:
    2,123
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello,

    You may also find the following thread helpful:

    wp-login.php and mod security

    Additionally, you're using an EOL version of cPanel and CentOS. I encourage setting up a new server with CentOS 7 and a recent cPanel & WHM version to ensure you're using the most up to date software.

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice