URGENT HELP> Attempted hacks

  • Unknown's avatar
    lukecha · Member ·

    I’ve been receiving attempted ‘Failed login attempts’ emails from wordpress.

    Lots of the emails in the last week of a hacker(?) or bot(?) trying to get into my business site. They seem to be systematically using log ins of the users on my administration/editor/writer list. I have 4 or 5 users, none of which have logged in recently, and the hacker has tried 12 to 16 times using 3 or 4 of the users.
    The emails read
    ‘Hello,

    16 failed login attempts (4 lockout(s)) from IP 2405:3f00:a222:bbbb:bba1:2a:ffff:ffff
    Last user attempted: [luke]
    IP was blocked for 24 hours
    This notification was sent automatically via Limit Login Attempts Reloaded Plugin. This is installed on your WordPress site.

    Under Attack? Try our advanced protection. Have Questions? Visit our help section.’

  • aleone89 · Staff ·

    Hello there,

    Many thanks for reaching out.

    Are you able to confirm the URL of the website that you need assistance with please?

    Many thanks.

  • Unknown's avatar
    lukecha · Member ·

    http://www.ninjanation.com.au
    What I think I have done today to attempt to prevent any further attempts is I logged into our site via wordpress and found a plug-in already installed called Limit Login Attempts Reloaded. Our website developer may have installed it previously but has little to do with it now. The plug-in to my understanding allows me to change the allowable log in retries and lock out rules. so I increased the lock out time after 4 failed retries to 30 minutes and after 4 more tries from 24 hours to 100 hours, and 100 hours until retries are reset. The Log in this plug in shows all the IP’s of attempted log in fails and lock outs. The list is quite long. the most recent ones show 8-30 lock outs, but also one previous 66 in December 2020 lock out from another IP address. then there’s a long list of many IPs that have had 1-2 lock outs attempting to use various users on our list which are disturbing too. I added the most malicious 2 repeating IP’s to a block list window. So hopefully that stops this attack. But I don’t know if it will and I don’t know if it will stop further attacks from other IP’s/hackers.

    Thank you for looking into this matter.

  • staff-mckluskey · Staff ·

    Hi there!

    I’m afraid that your site is not hosted with WordPress.com so we can’t really help. It is a site using the open-source WordPress software (from WordPress.org) but hosted elsewhere.

    Because WordPress.com and WordPress.org are two entirely separate entities, we cannot access files or data for sites hosted elsewhere; we can only assist with sites hosted on our servers. You can read more about the differences between WordPress.org software and WordPress.com here:
    https://wordpress.com/support/com-vs-org/.

    You can look for help at the community forums here: https://wordpress.org/support/forums/.

    http://wordpress.org/support/ is also a great resource for sites using the open-source WordPress.org software.

  • The topic ‘URGENT HELP> Attempted hacks’ is closed to new replies.