See this blog post - http://blog.spiderlabs.com/2013/04/defending-wordpress-logins-from-brute-force-attacks.html
Ryan Barnett Senior Lead Security Researcher, SpiderLabs Trustwave | SMART SECURITY ON DEMAND www.trustwave.com<http://www.trustwave.com/> On Jul 18, 2014, at 7:31 AM, "Aniyan Rajan" <aniyan.raj...@gmail.com<mailto:aniyan.raj...@gmail.com>> wrote: Hello, I am getting the following in my /var/log/apache2/access.log. It is an attack I believe, as it has "http://";. Please correct me if I am wrong. They have correctly identified my domain name also. Is it possible to prevent these by installing and configuring modsecurity ? Please suggest. Thanks. 146.0.72.182 - - [17/Jul/2014:23:37:27 +0000] "POST http://MY-DOMAIN.COM/wp-login.php/ HTTP/1.1" 200 3968 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.9.0.2) Gecko/2008091620 Firefox/3.0.2" 146.0.72.182 - - [17/Jul/2014:23:37:29 +0000] "POST http://MY-DOMAIN.COM/wp-login.php/ HTTP/1.1" 200 3968 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.9.0.2) Gecko/2008091620 Firefox/3.0.2" 146.0.72.182 - - [17/Jul/2014:23:37:30 +0000] "POST http://MY-DOMAIN.COM/wp-login.php/ HTTP/1.1" 200 3968 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.9.0.2) Gecko/2008091620 Firefox/3.0.2" 146.0.72.182 - - [17/Jul/2014:23:37:30 +0000] "POST http://MY-DOMAIN.COM/wp-login.php/ HTTP/1.1" 200 3968 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.9.0.2) Gecko/2008091620 Firefox/3.0.2" 146.0.72.182 - - [17/Jul/2014:23:37:31 +0000] "POST http://MY-DOMAIN.COM/wp-login.php/ HTTP/1.1" 200 3968 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.9.0.2) Gecko/2008091620 Firefox/3.0.2" 146.0.72.182 - - [17/Jul/2014:23:37:32 +0000] "POST http://MY-DOMAIN.COM/wp-login.php/ HTTP/1.1" 200 3968 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.9.0.2) Gecko/2008091620 Firefox/3.0.2" 146.0.72.182 - - [17/Jul/2014:23:37:33 +0000] "POST http://MY-DOMAIN.COM/wp-login.php/ HTTP/1.1" 200 3968 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.9.0.2) Gecko/2008091620 Firefox/3.0.2" 146.0.72.182 - - [17/Jul/2014:23:37:33 +0000] "POST http://MY-DOMAIN.COM/wp-login.php/ HTTP/1.1" 200 3968 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.9.0.2) Gecko/2008091620 Firefox/3.0.2" _______________________________________________ Owasp-modsecurity-core-rule-set mailing list Owasp-modsecurity-core-rule-set@lists.owasp.org<mailto:Owasp-modsecurity-core-rule-set@lists.owasp.org> https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set ________________________________ This transmission may contain information that is privileged, confidential, and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is strictly prohibited. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format.
_______________________________________________ Owasp-modsecurity-core-rule-set mailing list Owasp-modsecurity-core-rule-set@lists.owasp.org https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
