[Qgis-developer] wordpress attacks ?

Milo van der Linden milo at dogodigi.net
Wed May 29 14:43:14 PDT 2013


Allowing login over http is a bad idea....

I used this (for the opengeogroep website):

http://codex.wordpress.org/Hardening_WordPress

And made sure my wp-admin cannot be in any way accessed over http:
http://codex.wordpress.org/Administration_Over_SSL


You may also consider setting up a tarpit, but that is not something
for the faint at heart and it depends on your distro what is possible:
http://en.wikipedia.org/wiki/Tarpit_%28networking%29

2013/5/29 Richard Duivenvoorde <rdmailings at duif.net>:
> Hi Devs,
>
> most qgis-related blogs I see are running wordpress (I think).
>
> I just put www.qgis.nl to a new server, and looked at the acces logs.
>
> It is horrifying (see http://www.duif.net/wp.png ). Every second (probably)
> scripts try to login via the wp_admin page.... See the screendump, all
> different IP adresses, more then every second...
>
> Am I the only one with this problem?
>
> Someone a solution for this?
>
> Regards,
>
> Richard Duivenvoorde
> _______________________________________________
> Qgis-developer mailing list
> Qgis-developer at lists.osgeo.org
> http://lists.osgeo.org/mailman/listinfo/qgis-developer


More information about the Qgis-developer mailing list