wp-login.php attacks

needsomehelp · August 2, 2019, 12:42pm

why do we still get attacks on wp-login then it’s meant to be protected ?

Put your login scripts and pathes here. All of them would be protected by bruteforce protection rules.

wp-login.php
login.php
admin.php
dologin.php

Ansari_WAF · August 2, 2019, 12:55pm

Hi

Can you please provide audit log for this incident, Cwaf plugin version, web server and it’s details?
Enable brute force protection rules if you already done ignore this.

needsomehelp · August 2, 2019, 12:58pm

Don’t have the plugin installed it’s just installed in WHM ModSecurity™ Vendors. Would it be better if i used the plugin

Ansari_WAF · August 2, 2019, 1:32pm

Hi
Can you please ask your issue in Mod_security log? | cPanel Forums

needsomehelp · August 2, 2019, 2:47pm

that thread was closed 10 years ago ? so why would i want to ask there.

Ansari_WAF · August 2, 2019, 3:07pm

Since you didn’t use Comodo plugin - cwaf. How could I analyse your issues and resolve. This issue not belong to cwaf.
You can create ticket - https://forums.cpanel.net/

needsomehelp · August 2, 2019, 3:10pm

I meant we never installed the puglin we added them under WHM ModSecurity

needsomehelp · August 3, 2019, 3:19pm

is it just me that’s getting these wp-login attacks my server loads are so high i have started to lose customers now because of this problem

needsomehelp · August 4, 2019, 10:27am

Only way to stop them is add /wp-login.php to userdata_bl_URLs but then customers can’t login admin.

But i need to know why userdata_login_pages wont stop when /wp-login had been added

Ansari_WAF · August 5, 2019, 7:28am

Hi
Since you did not used comodo WAF product. So i could not analyzed your issues and resolved it. Installation and configuration of comodo waf - Comodo Help . After successfully installation Enable brute force protection rules. If you have any queries provide following details for further process.

Web server, cwaf plugin version, and it’s details.

needsomehelp · August 5, 2019, 9:38am

Fred straw
10:35 (2 minutes ago)
to waf

i have used them for ages i use the one installed via modsecurity vendors where you just add the link

all rules have been enabled for years
web server is apache
how do i find what version i have

i think it’s version rule_set=1.215

needsomehelp · August 5, 2019, 3:13pm

can you please reply to my ticket been here for weeks now trying to get this sorted

maryprincyedward · August 8, 2019, 10:05am

We have released ruleset version 1.216. Please update your rules and enable Bruteforce signature.

webinfo · September 5, 2019, 6:00pm

why you don’t use this solution, it really works very well. I had the same problem

https://forum.configserver.com/viewtopic.php?t=9447#p27402

If you have cpanel and lfd/csf apply immediately