Brute force site attack

Started by Plan, Aug 24, 2022, 09:13 AM

Previous topic - Next topic

PlanTopic starter

Hi!
Brute force attack on a site in order to brute-force passwords, that is, stupidly and head-on. Does it really work or does it just load the webserver where the website is located.

I wanted to know your opinion. I recently installed the Limit Login Attempts plugin for my CMS-based WordPress website to protect and log attacks of this type.

I installed it recently and that's what's interesting, there really are attacks and for a not very long time there are already 104 isolations. Basically, there are attacks on the WP-Login admin panel and XMLRPC (some tricky WordPress garbage for remote posting).

Common requests for logins in attempts to crĐ°ck a password: the name of your website, demo, test, admin, and various others that are mysterious to me, and even Christmas Piano - are there really such logins.

I installed that plugin due to overloading the server RAM, although this may not be related to this, but to a lot of different plugins that are significant and there may be some errors somewhere. But provider sent letters that the memory was being overused and possible reasons, here is one of them a brute force attack.

But actually my question is, it seems that these attacks were on my website before installing the plugin for a very long time and during this time, and this is about 2 years, and no one went through the password using the brute force method, so why do it if this does not work?
  •  

Dmitry328

And the hosting provider does not know that you are being brute. Maybe YOUR external script is hammering on your wp-login.php and sends the data you need, and the hosting provider will take and break your whole world.
From this you must defend yourself (well, or hire someone who will set up protection).

Sucked the problem off your finger. The problem is solved by closing the admin panel by ip or should the hosting provider guess your ip from which you will administer?

The problem here is not in hosting providers, but in webmasters who take on websites without knowledge of the matter and sincerely hope that someone else will fill their gaps for them. Take books and read, and do not tell who owes what to whom.
  •