20151221 So I Woke Up This Morning And Saw That

Keith I MyersKeith I Myers2015-12-21 11:36:33-0500 – Updated: 2015-12-21 11:36:33-0500So I woke up this morning and saw that some bonehead tried to brute-force my blog. Fortunately he/she did not get in as I employed a few security features such as rate-limiting and blocking IP addresses with an excessive number of logins. I also have 2 factor authentication setup as an extra layer of protection.

Over 500 attempts with the username “admin”,  “administrator” and “kmyers.me“.Shared with: Public, Keith I Myers, C K, Hugh McVea, Alex Minnucci+1’d by: Chris Radtke, Laurie DesAutels, Andrew Bernstein, Chris Pugrud, Hugh McVeaAaron Honeycutt – 2015-12-21 11:44:53-0500XD Hugh McVea – 2015-12-21 11:45:01-0500+Keith I Myers​ At least you had taken precautions and they worked. Keith I Myers – 2015-12-21 11:54:52-0500You are correct +Hugh McVea – That is the reason I took those precautions (and a few others that I did not mention).Laurie DesAutels – 2015-12-21 14:21:08-0500WowKeith I Myers – 2015-12-21 14:50:36-0500+Carlos Krefft – They were blocked as my first layer security tools kicked in as designed. The problem is I have a addon that sends me an email on all successful (and unsuccessful) login attempts with the details of the attempt. I got hit with a slew of emails.Alex Minnucci – 2015-12-21 14:54:42-0500500 is way WAY too many. Use fail2ban, ban after only a couple of attemptsKeith I Myers – 2015-12-21 15:02:47-0500+Alex Minnucci – fail2ban is a great solution assuming they are all coming from the same IP rangeAlex Minnucci – 2015-12-21 15:04:29-0500True, how many addresses were used? Keith I Myers – 2015-12-21 15:06:14-0500In this case it was a small number, I am sure the person tried a lot more then 500 times but most of them were blocked

Leave a Comment