Brute Force Login Attacks

This simple site as well as others like it, attract more attacks than actual visitors. Just last night this site had a very friendly visitor from the Ukraine that tried to brute force the login page to the admin dashboard. See update: What surprised me was the fact that CloudFlare did not detect this attach even though the security settings for the login page were set to high. As a result, I have enabled rate limiting and configured Google based two-factor authentication for the login page. In addition to the attack on the login page, I also noticed a handful of attacks, that were also from Ukraine, targeting various WordPress plugins.

SSH brute force attacks are also a common occurrence as you can see from this log file. What is interesting is the fact that the attacks often come from two or more hosts from different countries at the same time, often times from residential Internet connections.

UPDATE:

I received an Email from CloudFlare informing me that rate limiting through CloudFlare needs to be configured for specific pages. Hey, somebody actually visited my site!


Posted

in

by

Tags: