You are not logged in.

#1 2017-01-04 10:19 am

lilguy43uk
Member
Registered: 2009-06-14
Posts: 115

How odd.

After a serious Trojan attack on one of my heritage websites I deleted it entirely and have been rebuilding it from the ground up and restricted login access. Now I'm getting a regular attempt to log in to a deleted account.

I know it's not the person that held the account and there are only two or three attempts to log in on each day or two.

All the attempts are coming from mainstream UK providers such as BT, Sky, Virgin etc and they change every time.

I've hidden the login page and changed it a couple of times and deleted the default "Admin" account, as well as changing the passwords but the attempts continue.

I'm just about ready to restore the site forum but I'm reluctant to do so until I can sort this out.

Any advice regarding this would be welcome.

Offline

#2 2017-01-04 1:33 pm

kpatz
Member
Registered: 2008-10-09
Posts: 1,437

Re: How odd.

How much access do you have to the server?  Can you install something like fail2ban?


Spam happens when greed meets stupidity.

Offline

#3 2017-01-04 1:51 pm

lilguy43uk
Member
Registered: 2009-06-14
Posts: 115

Re: How odd.

I have Sucuri and Wordfence running on the site as plugins but I don't know if I can install fail2ban on the server. I'll have to have a look.

Offline

#4 2017-01-04 1:53 pm

Papa Parrot
Member
From: Mexico
Registered: 2011-08-19
Posts: 1,826
Website

Re: How odd.

Some thing to keep in mind, these "bots" do not have the capability to "reason",  at one time it
was able to connect , before the account was "deleted" . It does not know the account does not exist,
the bot just keeps trying every so often,

I know it's not the person

A "person" would see that there is no account to connect to, and probably not keep coming back,  but these are not "persons" they are bots,....they just blindly keep trying to do what they were programmed
to do, regardles of the "futilty" of it.

I do use fail2ban, the logs show several, maybe even 100's they keep trying every day, all ways the same
ones, some try every day, others it is every few days,.... it is a endless "barage" of mindless "bots"/
The main thing is that they can not access.
If closed the server, shut it down, completely , they would still be there, making their "rounds" trying to connect
to a server that does not exist,..

Offline

#5 2017-01-04 6:47 pm

SledgeBrother1
Member
From: Italy
Registered: 2016-09-01
Posts: 23

Re: How odd.

Hmmm... the best solution IMO is placing a captcha code who would deter them


Funny thing is SFS blocks me from trolling behind proxies big_smile

Offline

Board footer

Powered by FluxBB

Close
Close