We monitored a brute force attack in progress against a website, and responded by actively engaging in a real-time defence against the attacker.
- A remote attacker was attempting to brute force attack a wordpress website via the file XMLRPC.php.
- The attackers IP was blocked but soon after they began a second wave from 2 new IP addresses.
- Modifications were made to the websites apache configuration to block all remote access to the file XMLRPC.php.
- Once the file was no longer accessible, the attacker soon gave up trying to access the file and the attack ceased.
- Apache modifications to block remote access to the file XMLRPC.php were maintained as this did not have an impact on the websites operation.
- Client: <<Confidential>>
- Classification: Cybersecurity
- Type: Hacking Defence
- Technology: LAMP