{"id":675,"date":"2013-04-10T23:07:15","date_gmt":"2013-04-10T16:07:15","guid":{"rendered":"http:\/\/whplus.com\/blog\/?p=675"},"modified":"2013-04-10T23:07:15","modified_gmt":"2013-04-10T16:07:15","slug":"find-ip-has-attacked-wp-login","status":"publish","type":"post","link":"https:\/\/www.whplus.com\/blog\/2013\/04\/10\/find-ip-has-attacked-wp-login.html","title":{"rendered":"Find IP has attacked wp-login"},"content":{"rendered":"<p>This shell command can be used on cPanel servers and does the following:<br \/>\n&#8211; Scans all access log files for IP addresses which sent a POST request to all wp-login.php files on all domains\/subdomains\/addon domains on the server during the last 24 hours<br \/>\n&#8211; It groups and sorts all the IP addresses, based on the number of POST requests they sent<\/p>\n<p>So if you see that an IP address has sent an abnormal number of POST requests to wp-login.php files, you can ban it from your firewall. From our experience and stats, a normal number of POST requests to wp-login.php files from a single IP address is 4-5 per day. Anything above 15 is suspicious.<\/p>\n<blockquote><p>grep -R &#8220;wp-login.php&#8221; \/usr\/local\/apache\/domlogs\/* | grep &#8220;POST&#8221; | awk -F: &#8216;{ print $2 }&#8217; | awk &#8216;{print $1}&#8217; | sort | uniq -c | sort -n<\/p><\/blockquote>\n","protected":false},"excerpt":{"rendered":"<p>This shell command can be used on cPanel servers and does the following: &#8211; Scans all access log files for IP addresses which sent a POST request to all wp-login.php files on all domains\/subdomains\/addon domains on the server during the last 24 hours &#8211; It groups and sorts all the IP addresses, based on the\u2026 <span class=\"read-more\"><a href=\"https:\/\/www.whplus.com\/blog\/2013\/04\/10\/find-ip-has-attacked-wp-login.html\">Read More &raquo;<\/a><\/span><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[],"class_list":["post-675","post","type-post","status-publish","format-standard","hentry","category-tutorial"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.whplus.com\/blog\/wp-json\/wp\/v2\/posts\/675","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.whplus.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.whplus.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.whplus.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.whplus.com\/blog\/wp-json\/wp\/v2\/comments?post=675"}],"version-history":[{"count":1,"href":"https:\/\/www.whplus.com\/blog\/wp-json\/wp\/v2\/posts\/675\/revisions"}],"predecessor-version":[{"id":676,"href":"https:\/\/www.whplus.com\/blog\/wp-json\/wp\/v2\/posts\/675\/revisions\/676"}],"wp:attachment":[{"href":"https:\/\/www.whplus.com\/blog\/wp-json\/wp\/v2\/media?parent=675"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.whplus.com\/blog\/wp-json\/wp\/v2\/categories?post=675"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.whplus.com\/blog\/wp-json\/wp\/v2\/tags?post=675"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}