Wordpress1 & 2 filter

[peps03]

Hi. I can't find what the BFM filters Wordpress1 & Wordpress2 do anywhere.
What kind of attempts do the scan for? Only /wp-login.php?
I also see this page: /xmlrpc.php, does it also contain a security risk?


One more question, the BFM also detected 100+ failed login attempts on filter Wordpress1 & Wordpress2 from the server's own IP-address?! How is that possible? What could cause this?

Thanks!

 

[peps03]

Does anyone have some time to answer? Thanks

 

[ditto]

Please read the changelog when you upgrade DirectAdmin: http://www.directadmin.com/versions.php

Here is a direct link to the changelog regarding the new feature wich answer your questions: http://www.directadmin.com/features.php?id=1695

 

[peps03]

Thanks for your reply ditto.
Yes, i saw that page. It doesn't say anything about scanning xmlrpc.php as well. But is does. So i thought there is more to the BFM log scanning than mentioned on this page.

My other question: the BFM also detected 200+ failed login attempts on filter Wordpress1 & Wordpress2 from the server's own IP-address?! How is that possible? What could cause this?

 

[ditto]

Hackers can do bruteforce attempt at xmlrpc.php just like they can with wp-login.php, so it is good that BFM also monitor bruteforce attacks against xmlrpc.php

If you have bruteforce attacks against wp-login.php or xmlrpc.php from your own server ip address, then some of your existing WordPress sites might have been compromised and doing attacks on other sites on the same server. But I can't say for sure if that is whats happening.

 

[peps03]

Hackers can do bruteforce attempt at xmlrpc.php just like they can with wp-login.php, so it is good that BFM also monitor bruteforce attacks against xmlrpc.php

Ok, thanks. Good to know.

But I can't say for sure if that is what's happening.

How can i find out what is causing this? Any tip on what to check?