Multi Fake Login attempts

newdigi

I've recently installed Wordfence on a Wordpress site and have been seeing some interesting attempts to access the back-end.

Today for example I was notified of login attempts from a specific IP trying to login as admin and use the password recovery form. That IP was automatically blocked.

I'm wondering is there any point in contacting the company associated with that IP address to inform them? Or is it just accepted these days that this stuff is happening?

Thanks

Treepole

newdigi wrote: »

I've recently installed Wordfence on a Wordpress site and have been seeing some interesting attempts to access the back-end.

Today for example I was notified of login attempts from a specific IP trying to login as admin and use the password recovery form. That IP was automatically blocked.

I'm wondering is there any point in contacting the company associated with that IP address to inform them? Or is it just accepted these days that this stuff is happening?

Thanks

Is the IP belonging to an ISP or have you traced it to a specific company?

You could enter it in here and see if it has previously been reported for malicious activity

https://abuseipdb.com/

You'll being getting pretty much continuous attempts to brute force your wordpress, but bear in mind that 99.9% of these will just be automated bots and aren't targeting you specifically.

newdigi

Treepole wrote: »

Is the IP belonging to an ISP or have you traced it to a specific company?

You could enter it in here and see if it has previously been reported for malicious activity

https://abuseipdb.com/

You'll being getting pretty much continuous attempts to brute force your wordpress, but bear in mind that 99.9% of these will just be automated bots and aren't targeting you specifically.

Thanks for that. It's coming back as from an ISP. I suppose I was wondering if there was any point contacting them as it may be tied to a specific user. Then again it could be masked. I suppose these things are happening all the time.

AnCatDubh

depends on how much energy you have. sometimes i do, sometimes i don't. sometimes i get some acknowledgement, more often i don't.

It takes time and energy.

AnCatDubh

depends on how much energy you have. sometimes i do, sometimes i don't. sometimes i get some acknowledgement, more often i don't.

It takes time and energy.

Treepole

newdigi wrote: »

Thanks for that. It's coming back as from an ISP. I suppose I was wondering if there was any point contacting them as it may be tied to a specific user. Then again it could be masked. I suppose these things are happening all the time.

If it's tied to an ISP I wouldn't bother.
They won't care. Apathy is the cyber criminals greatest tool.

Impetus

Wordpress is not a secure platform, especially with add-ons.

While no system is perfect, one suggest you consider Drupal instead. Whitehouse.gov use it. The private intelligence agency http://stratfor.com was hacked some years ago, and their high profile customer data was re-published all over the planet. They moved to Drupal. (Incidentally most of the government agencies that subscribe to stratfor.com did not give their name - just a phone number (usually in the +1 202 area - Washington DC) which was placed in the cardholder name field). Perhaps a lesson for others?

Other sites that use Drupal: http://stratfor.com