Page 1 of 1

WordPress Hacking Attempt from localhost

Posted: Fri Dec 11, 2015 9:56 pm
by indiadamjones
Hello,

I'm running Vesta on a micro droplet from DO, and I I love it. Super absolutely awesome. Fast, and concise. So, I have a disturbing trend, which is someone attempting to brute force my wordpress sites, and the firewall identifies the origin IP as the server IP.

That scares me, and I'm not sure how to identify the vulnerability. I'm assuming I left off an important security measure, as the install was so quick an easy, I didn't give it much thought. Should I change my SSH port, or somehow alter the root ID from 'root'?

What can I do to get this hacker out of my awesome Vesta install. It's great! Another fine application from Russian devs, thank you!

Regards,
Adam

Re: WordPress Hacking Attempt from localhost

Posted: Sat Dec 12, 2015 10:13 am
by LouisUK
Hi Adam,

Are you using a security plugin like Wordfence? I had a similar problem where it was showing every visitor's IP as the server's hostname. So every "hacking" login attempt was essentially locking me out.

I had to follow this post in order to get the correct IP's showing up: viewtopic.php?f=10&t=6650#p20197

Might not be your problem - but worth checking your logs to make sure.

Good luck :)

Cheers
Louis

Re: WordPress Hacking Attempt from localhost

Posted: Tue Dec 15, 2015 4:39 am
by indiadamjones
Thanks, I just gave that fix a try! Really appreciate the reply, I think that seems a likely candidate for my solution. Will report back after I see the effects of the change.

[RESOLVED] WordPress Hacking Attempt from localhost

Posted: Tue Dec 15, 2015 6:01 pm
by indiadamjones
Marking this resolved, thanks again.