[clue] WordPress login scanners?
Michael J. Hammel
mjhammel at graphics-muse.org
Wed May 8 11:52:14 MDT 2013
On Wed, 2013-05-08 at 11:09 -0600, Bruce Ediger wrote:
> I see the WordPress scanners "logging in", and then accessing the fake
> dashboard with cookies that my login page sets, but they don't do any
> more than that wp-admin access.
I'm guessing, but a scanner just looks for attack vectors. They collect
addresses for open sites, then sell those to others who have specific
purposes. Or maybe just use it for research purposes, like the guy who
found all those open routers with default passwords.
What I'd like to see for Wordpress is Akismet logging the IP address of
spam comments and, after a configurable number of violations, banning
the IP address automatically from future comments. I get an awful lot
of spam comments. I can clean them out easily enough, but it would be
nice to have an automated ban mechanism. I don't care much about
getting comments anyway.
--
Michael J. Hammel <mjhammel at graphics-muse.org>
More information about the clue
mailing list