You are not logged in.
- Topics: Active | Unanswered
Pages: 1
#1 2017-01-04 10:19 am
- lilguy43uk
- Member
- Registered: 2009-06-14
- Posts: 115
How odd.
After a serious Trojan attack on one of my heritage websites I deleted it entirely and have been rebuilding it from the ground up and restricted login access. Now I'm getting a regular attempt to log in to a deleted account.
I know it's not the person that held the account and there are only two or three attempts to log in on each day or two.
All the attempts are coming from mainstream UK providers such as BT, Sky, Virgin etc and they change every time.
I've hidden the login page and changed it a couple of times and deleted the default "Admin" account, as well as changing the passwords but the attempts continue.
I'm just about ready to restore the site forum but I'm reluctant to do so until I can sort this out.
Any advice regarding this would be welcome.
Offline
#2 2017-01-04 1:33 pm
- kpatz
- Member
- Registered: 2008-10-09
- Posts: 1,437
Re: How odd.
How much access do you have to the server? Can you install something like fail2ban?
Spam happens when greed meets stupidity.
Offline
#3 2017-01-04 1:51 pm
- lilguy43uk
- Member
- Registered: 2009-06-14
- Posts: 115
Re: How odd.
I have Sucuri and Wordfence running on the site as plugins but I don't know if I can install fail2ban on the server. I'll have to have a look.
Offline
#4 2017-01-04 1:53 pm
- Papa Parrot
- Member
- From: Mexico
- Registered: 2011-08-19
- Posts: 1,826
- Website
Re: How odd.
Some thing to keep in mind, these "bots" do not have the capability to "reason", at one time it
was able to connect , before the account was "deleted" . It does not know the account does not exist,
the bot just keeps trying every so often,
I know it's not the person
A "person" would see that there is no account to connect to, and probably not keep coming back, but these are not "persons" they are bots,....they just blindly keep trying to do what they were programmed
to do, regardles of the "futilty" of it.
I do use fail2ban, the logs show several, maybe even 100's they keep trying every day, all ways the same
ones, some try every day, others it is every few days,.... it is a endless "barage" of mindless "bots"/
The main thing is that they can not access.
If closed the server, shut it down, completely , they would still be there, making their "rounds" trying to connect
to a server that does not exist,..
Offline
#5 2017-01-04 6:47 pm
- SledgeBrother1
- Member
- From: Italy
- Registered: 2016-09-01
- Posts: 23
Re: How odd.
Hmmm... the best solution IMO is placing a captcha code who would deter them
Funny thing is SFS blocks me from trolling behind proxies
Offline
Pages: 1