By: webom

Digital Ocean IPs hacking my site searching for wp-login from a various IP list of Digital Ocean

September 1, 2017 258 views
System Tools DigitalOcean CentOS

Hello Digital Ocean,

For the last several days, a list of various Digital Ocean IPs has been hitting my dedicated server on the pages wp-login.php, xmlrpc.php and other pages, and the site is not using WordPress at all.

This is making the site go offline and putting a huge load on the server, and every time a new IP attacks, and all these IPs belong to you.

Please have a look into this.

Thanks & Regards.

2 Answers

Pretty pointless posting it here; this is the community, not your abuse/technical support.
Create a support ticket or email abuse@digitalocean.com.

WordPress hackers are everywhere. I don't run WordPress and get the same nonsense, and very little from Digital Ocean. Basically you will need to harden your web server to give the WordPress hackers a time out. Fail2ban, for instance.

I have code in my webserver not to reply to any of the typical WordPress hacker requests. Unfortunately the hacker code is written so poorly that even if you do not reply, they keep requesting. Now the first step in fail2ban is to trap these WordPress hackers. Once you have them clearly delineated in the web server log, you can use fail2ban to filter them by IP.
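
The trap-then-ban approach from the answer above, as an added example that is not part of the original thread: it scans access-log lines in combined log format for wp-login.php or xmlrpc.php requests (on a site with no WordPress, any such request is a probe) and reports the IPs that reach a threshold inside a time window, the same idea as fail2ban's `maxretry` and `findtime`. The log lines, the addresses (documentation ranges), the function name and the thresholds are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Combined log format: client IP, [timestamp], "METHOD path PROTO", status.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)
# Paths that cannot be legitimate on a site that does not run WordPress.
# Matched against the path only, so a query-string mention does not count.
PROBE_RE = re.compile(r'^/+(?:[^?]*/)?(?:wp-login\.php|xmlrpc\.php)(?:\?|$)', re.I)

# Constructed sample input, in chronological order.
SAMPLE_LOG = """\
203.0.113.7 - - [01/Sep/2017:09:00:26 +0000] "GET /wp-login.php HTTP/1.1" 404 209
198.51.100.20 - - [01/Sep/2017:09:00:40 +0000] "GET /index.html HTTP/1.1" 200 5120
203.0.113.7 - - [01/Sep/2017:09:01:02 +0000] "POST /xmlrpc.php HTTP/1.1" 404 207
192.0.2.55 - - [01/Sep/2017:09:01:30 +0000] "GET /wp-login.php HTTP/1.1" 404 209
203.0.113.7 - - [01/Sep/2017:09:02:15 +0000] "GET /blog/wp-login.php?action=register HTTP/1.1" 404 214
192.0.2.55 - - [01/Sep/2017:09:20:00 +0000] "POST /xmlrpc.php HTTP/1.1" 404 207
192.0.2.55 - - [01/Sep/2017:09:40:00 +0000] "GET /wp-login.php HTTP/1.1" 404 209
""".splitlines()

def find_offenders(lines, maxretry=3, findtime=timedelta(minutes=10)):
    """Return {ip: timestamp of the probe that reached maxretry within findtime}."""
    recent = defaultdict(deque)   # ip -> probe timestamps still inside the window
    banned = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m or not PROBE_RE.match(m["path"]):
            continue              # unparsable line or ordinary request
        ip = m["ip"]
        if ip in banned:
            continue              # already reported once
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        hits = recent[ip]
        hits.append(ts)
        while ts - hits[0] > findtime:
            hits.popleft()        # drop probes older than the window
        if len(hits) >= maxretry:
            banned[ip] = ts
    return banned

if __name__ == "__main__":
    for ip, when in find_offenders(SAMPLE_LOG).items():
        print(f"{ip} reached the probe threshold at {when.isoformat()}")
```

The slow prober at 192.0.2.55 stays under the threshold because its three requests are twenty minutes apart, which is the trade-off to weigh when choosing the window and retry count.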
