Vesta Control Panel - Forum

Hello,

I'm running Vesta on a micro droplet from DO, and I I love it. Super absolutely awesome. Fast, and concise. So, I have a disturbing trend, which is someone attempting to brute force my wordpress sites, and the firewall identifies the origin IP as the server IP.

That scares me, and I'm not sure how to identify the vulnerability. I'm assuming I left off an important security measure, as the install was so quick an easy, I didn't give it much thought. Should I change my SSH port, or somehow alter the root ID from 'root'?

What can I do to get this hacker out of my awesome Vesta install. It's great! Another fine application from Russian devs, thank you!

Regards,
Adam

Hi Adam,

Are you using a security plugin like Wordfence? I had a similar problem where it was showing every visitor's IP as the server's hostname. So every "hacking" login attempt was essentially locking me out.

I had to follow this post in order to get the correct IP's showing up: viewtopic.php?f=10&t=6650#p20197

Might not be your problem - but worth checking your logs to make sure.

Good luck :)

Cheers
Louis

Thanks, I just gave that fix a try! Really appreciate the reply, I think that seems a likely candidate for my solution. Will report back after I see the effects of the change.

Marking this resolved, thanks again.