BRUTE FORCE Attack from my server ip!!

absoonoo (Verified User, joined Aug 19, 2015, 32 messages)
Hi,
I receive this error from the Brute Force Monitor on DA.
78.46.60.9 is my main server IP.

Code:
	wordpress1	78.46.60.9 - - [03/Sep/2015:11:11:56 +0430] "POST /wp-login.php

Code:
; <<>> DiG 9.9.4-RedHat-9.9.4-18.el7_1.3 <<>> -x 78.46.60.9 +noshort
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33757
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;9.60.46.78.in-addr.arpa.	IN	PTR

;; ANSWER SECTION:
9.50.46.78.in-addr.arpa. 86196	IN	PTR	static.9.60.46.78.clients.your-server.de.

;; AUTHORITY SECTION:
60.46.78.in-addr.arpa.	34800	IN	NS	ns.second-ns.com.
60.46.78.in-addr.arpa.	34800	IN	NS	ns3.second-ns.de.
60.46.78.in-addr.arpa.	34800	IN	NS	ns1.your-server.de.

;; Query time: 3 msec
;; SERVER: 213.133.98.98#53(213.133.98.98)
;; WHEN: Thu Sep 01 11:28:18 IQDT 2015
;; MSG SIZE  rcvd: 182

I tried this guide for XMLRPC.php
 
Are you sure that is your IP and you are running DirectAdmin? Because if I put that IP in my browser, it won't load.
Normally DA will give a page, unless you disabled that by changing some stuff.

I suggest you install ConfigServer Firewall (CSF/LFD); it's free and it's the best around. It is of use in any case.
 
Hi,

If you see those wp-login.php entries in it, then you should be securing the WordPress login of the site. You can use a WordPress plugin like Wordfence or another one to secure it.

You can also install CSF and configure it to block the IPs on brute force attempts.
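
Added example, not part of the thread and not DirectAdmin or CSF code: a small triage script that counts POSTs to `wp-login.php` and `xmlrpc.php` per client address in access-log lines shaped like the one in the first post, and marks any source that is the server's own IP so it is investigated on the host rather than added to a block list. The function name, threshold, sample lines and addresses are constructed assumptions.

```python
import re
from collections import Counter

# Access-log fields: client IP, ident, user, [timestamp], "METHOD path ...
# search() rather than match() so a leading filter-name column is tolerated.
LINE_RE = re.compile(r'(?:^|\s)(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)')
LOGIN_PATHS = ("/wp-login.php", "/xmlrpc.php")

def login_post_sources(lines, own_ips, threshold=3):
    """Return {ip: {"count", "paths", "local"}} for clients with at least
    `threshold` POSTs to a WordPress login endpoint. "local" is True when
    the client address is one of the server's own IPs."""
    counts, paths = Counter(), {}
    for line in lines:
        m = LINE_RE.search(line.strip())
        if not m:
            continue  # not an access-log line
        ip, _when, method, path = m.groups()
        path = path.split("?", 1)[0].lower()  # drop query string
        if method != "POST" or not path.endswith(LOGIN_PATHS):
            continue
        counts[ip] += 1
        paths.setdefault(ip, set()).add(path)
    return {ip: {"count": n, "paths": sorted(paths[ip]), "local": ip in own_ips}
            for ip, n in counts.items() if n >= threshold}

# Constructed sample lines using documentation address ranges.
SAMPLE = """\
203.0.113.7 - - [03/Sep/2015:11:11:50 +0430] "POST /wp-login.php HTTP/1.1" 200 3512
192.0.2.10 - - [03/Sep/2015:11:11:56 +0430] "POST /wp-login.php HTTP/1.1" 200 3512
192.0.2.10 - - [03/Sep/2015:11:11:57 +0430] "POST /xmlrpc.php HTTP/1.1" 200 403
wordpress1\t192.0.2.10 - - [03/Sep/2015:11:11:58 +0430] "POST /wp-login.php
192.0.2.10 - - [03/Sep/2015:11:12:01 +0430] "GET /index.php HTTP/1.1" 200 9120
198.51.100.23 - - [03/Sep/2015:11:12:02 +0430] "POST /wp-login.php HTTP/1.1" 200 3512
198.51.100.23 - - [03/Sep/2015:11:12:03 +0430] "POST /wp-login.php HTTP/1.1" 200 3512
198.51.100.23 - - [03/Sep/2015:11:12:04 +0430] "POST /blog/wp-login.php?x=1 HTTP/1.1" 200 3512
""".splitlines()
OWN_IPS = {"192.0.2.10"}  # assumption: the server's own address

if __name__ == "__main__":
    for ip, info in login_post_sources(SAMPLE, OWN_IPS).items():
        where = ("server's own IP: investigate on the host" if info["local"]
                 else "remote: candidate for a firewall block")
        print(ip, info["count"], ",".join(info["paths"]), where)
```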
 