Apparently a failed brute force attack was attempted against my site.
I had Defender installed but it didn’t seem to have done anything.
Checking the logs on the server, I
can see that PHP was the culprit yesterday;
Mar 26 12:39:18 46 kernel: [163719.215635] php-cgi invoked oom-killer: gfp_mask=0x200da, order=0, oom_adj=0,
Mar 26 12:39:19 46 kernel: [163719.215641] php-cgi cpuset=/ mems_allowed=0
Mar 26 12:39:19 46 kernel: [163719.215648] Pid: 11949, comm: php-cgi Not tainted 2.6.32-642.15.1.el6.x86_64 #1
At this time, the reiki-cursus.nl domain was undergoing a brute force attack;
Top 20 requests
68 “POST /wp-login.php 200
37 “POST //xmlrpc.php 500
12 “POST //xmlrpc.php 200
Most of these were from an IP that isn’t hitting the server anymore (22.214.171.124). To mitigate against this kind of
attack, which will likely recur as wordpress is quite popular, wordpress themselves have a great guide on what to do;
Something like wordpress all in one (https://en-gb.wordpress.org/plugins/all-in-one-wp-security-and-firewall/) , or
wordfence should have tools to help obfuscate these particular pages.
Can Defender help against a brute force attack? Are there specific setting that I need to have on next time?
Thanks in advance.