Hacker IP addresses
For some time now I have been running Better WP Security on several sites.
One of the many excellent features of this plugin is to alert on requests for non-existent files. Every 404 is listed along with date and IP address.
404 requests fall into three categories –
- Files that have been moved or deleted
- Typos
- Files that have never existed and are obvious attempts to gain entry into the backend of the site
The last category is the one that interests me. The files that have been sought are, for example, /signup.php, /register.php and /join.php. Other examples are presumably searches for known vulnerabilities in various plugins which I don’t even use.
I have been collecting the IP addresses of all the 404 logs and have added them to the Banned User lists within Better WP Security. Incidentally, the latter has a nice feature that whenever an IP is added to the list, it automatically sorts the list and removes duplicates.
One thing I noticed was that a very high percentage of IP addresses were allocated to the Fujian Province of China. I have therefore added wildcards to my list to eliminate as many of their addresses as possible, particularly where a class of address frequently occurs.
I have uploaded a text file of these IP addresses if anyone is interested. It can be used to populate your own version of Better WP Security, your .htaccess file or any other plugin that bans visitors such as No Soup.
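The workflow described above (pick out the probe 404s, de-duplicate and sort the addresses, wildcard a range that keeps recurring, then write `.htaccess` rules) can be sketched as follows. This is an added example, not code from the post or from Better WP Security; the log entries are constructed, and the function names and the three-offender threshold are assumptions.

```python
import ipaddress
from collections import defaultdict

# Probe paths named in the post; extend with paths from your own 404 log.
PROBE_PATHS = {"/signup.php", "/register.php", "/join.php"}

# Constructed sample 404 entries (date, IP, path) using documentation ranges.
SAMPLE_404S = [
    ("2013-05-01", "203.0.113.9", "/signup.php"),
    ("2013-05-01", "203.0.113.77", "/register.php"),
    ("2013-05-02", "203.0.113.140", "/join.php"),
    ("2013-05-02", "198.51.100.7", "/join.php"),
    ("2013-05-02", "198.51.100.7", "/signup.php?x=1"),  # repeat offender
    ("2013-05-03", "192.0.2.15", "/old-page.html"),     # moved file
    ("2013-05-03", "192.0.2.16", "/abuot"),             # typo
]

def probe_ips(entries, probe_paths=PROBE_PATHS):
    """Distinct IPs whose 404 was for a probe path (third category only)."""
    return {ipaddress.ip_address(ip) for _, ip, path in entries
            if path.split("?", 1)[0].lower() in probe_paths}

def build_ban_list(ips, threshold=3):
    """Sorted, de-duplicated ban list. An IPv4 /24 is collapsed to one
    wildcard entry only when it holds `threshold` distinct offenders,
    since a wildcard also blocks every legitimate visitor in that range."""
    by_net = defaultdict(set)
    for ip in ips:
        prefix = 24 if ip.version == 4 else 128  # IPv6 is never widened
        by_net[ipaddress.ip_network(f"{ip}/{prefix}", strict=False)].add(ip)
    bans = []
    for net, members in by_net.items():
        if len(members) >= threshold:
            bans.append(net)
        else:
            bans.extend(ipaddress.ip_network(str(m)) for m in members)
    return sorted(bans, key=lambda n: (n.version, int(n.network_address)))

def htaccess_rules(bans):
    """Render the list as Apache 2.4 mod_authz_core rules for .htaccess."""
    lines = ["<RequireAll>", "    Require all granted"]
    for net in bans:
        target = net.network_address if net.num_addresses == 1 else net
        lines.append(f"    Require not ip {target}")
    return "\n".join(lines + ["</RequireAll>"])

if __name__ == "__main__":
    print(htaccess_rules(build_ban_list(probe_ips(SAMPLE_404S))))
```

Raising `threshold` keeps more single-address entries and fewer wildcards, which limits how many legitimate visitors in a shared range get blocked.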
Thanks for this. I've installed Better WP Security and put your list in the Banned Hosts area, correct? Now I'll watch as my traffic plummets.
I am in the process of trying a little experiment. I have set up a little "welcome" site and am redirecting hackers to it, just to let them know they have been nabbed. It's not quite live yet as I have a few more tests to run (don't want to send legitimate users there!).
Forgot to subscribe to comments.
Don't we all?!