Home » Blog » Hacks » WordPress login failures

WordPress login failures

Back in January I started noticing a lot of failed attempts to log into this website’s admin section, presumably in an attempt to hijack the website and use it to send spam, host illegal content or join some sort of botnet. It seems that many other websites are being affected in the same way.

I’m not particularly worried about this. All of these attempts have so far used the default WordPress user name of “admin”, which doesn’t exist here, and nobody has yet realised that this website is configured to only accept logins over secure connections (i.e., https, not http). Even if they did get that right, it would still take about a billion years to crack the password by brute force. (Well, OK. Perhaps not quite as long as that. But still…)

Anyway, I wrote a script to monitor these failed logins and disable logins altogether from repeat offenders. Since January it’s caught quite a few. Here’s the list of IP addresses that have tried 10 or more times to log in to the non-existent admin account. (Note: This list is updated live, so it will probably keep growing for a while yet.)

List of rogue IP addresses

5.39.58.6 5.39.98.242 5.101.40.93 5.135.164.43 5.188.87.12 5.188.211.25 5.196.72.102 13.94.33.50 31.210.47.92 37.59.8.84 37.120.204.180 37.252.96.100 41.76.109.20 45.227.253.243 45.227.254.240 45.227.254.241 45.227.254.252 46.3.96.72 46.119.116.151 46.119.120.176 46.148.22.210 51.15.145.148 51.38.51.73 51.83.141.109 52.47.201.74 54.153.50.165 62.4.15.41 62.210.15.96 66.206.231.94 67.222.102.11 77.39.90.54 77.72.82.15 77.72.83.230 77.245.149.12 81.22.45.136 81.22.45.137 85.204.246.240 88.132.15.90 89.35.39.60 89.35.39.86 89.35.39.180 91.197.234.45 91.200.12.2 91.200.12.22 91.200.12.49 91.200.12.52 91.200.12.53 91.200.12.91 91.200.12.113 91.200.12.151 91.210.145.26 91.210.145.252 91.210.146.7 91.211.88.70 91.236.251.178 92.246.76.73 92.246.76.74 94.45.140.186 94.177.238.146 103.14.42.32 103.28.148.202 103.56.115.156 103.221.222.198 108.179.219.114 109.163.234.7 109.163.234.8 112.78.4.176 119.23.200.187 123.206.197.121 123.206.207.134 128.199.133.114 134.249.48.162 139.59.7.1 139.99.124.9 142.4.17.157 142.54.160.154 149.56.16.106 157.245.185.98 158.69.225.119 159.0.196.21 160.202.162.45 160.202.162.204 162.144.43.123 163.172.255.16 173.208.169.26 176.31.252.11 178.128.7.71 178.137.16.56 183.48.23.139 185.51.247.212 185.68.111.81 185.85.190.132 185.85.191.196 185.85.191.201 185.85.238.244 185.85.239.110 185.85.239.157 185.85.239.195 185.86.5.212 185.86.5.251 185.86.13.213 185.86.164.98 185.86.164.99 185.86.164.100 185.86.164.101 185.86.164.102 185.86.164.103 185.86.164.104 185.86.164.106 185.86.164.107 185.86.164.108 185.86.164.109 185.86.164.110 185.86.164.111 185.86.167.4 185.92.73.31 185.119.81.11 185.119.81.39 185.119.81.50 185.159.36.8 185.211.245.158 185.211.245.166 185.211.245.167 185.211.245.169 185.211.245.197 185.211.245.199 185.222.210.60 185.222.211.40 185.234.216.55 185.234.218.21 188.213.49.210 188.240.208.26 192.99.38.186 192.187.98.42 192.187.100.58 192.187.111.146 192.254.207.123 193.201.224.8 193.201.224.17 193.201.224.28 193.201.224.193 193.201.224.207 193.201.224.210 193.201.224.213 193.201.224.215 193.201.224.217 193.201.224.220 193.201.224.225 195.154.26.37 195.154.48.192 195.154.52.152 195.154.63.84 195.154.156.211 195.154.223.224 195.154.240.26 195.154.251.162 198.12.152.118 199.36.221.179 204.12.193.74 210.177.143.157 212.83.166.123 212.83.178.35 212.83.178.42 212.83.188.26 213.251.182.115 216.10.245.209 217.61.22.139

Total number of failed logins: 26936

This entry was posted in Hacks. Bookmark the permalink.


More posts

Previous post:

Next post:

Header image: Busy night-time traffic appears as trails of light in this long exposure shot of Akasaka-Mitsuke (赤坂見附) in Tokyo by user DarkFritz at Wikimedia Commons.

Powered by WordPress