Message Board

Newbie/Basic Questions

Older Posts ]   [ Newer Posts ]
 /wp-login.php or /phpmyadmin good location??
Author: M.Richter3   (22 Mar 14 8:01pm)
Hi,

I see in my logs, that malicious people/bot try to access /wp-login.php or /phpmyadmin and others. Now my question is, can I set a

"Redirect permanent /wp-login.php /linktomyhoneypot.php"??

I think it is a good idea. A human (must be a heck of a typo) will notice, that he is on the wrong site and a bot may try to fill out the hidden form, hence blacklisting himself.

What do you think?
Thanks
 
 Re: /wp-login.php or /phpmyadmin good location??
Author: H.User1325   (22 Mar 14 9:31pm)
I don't know. a bot looking for those applications is looking for a way into your system to compromise your domain. That is a different objective than a scraper/harvester looking for email addresses or a comment spammer.

I guess my question is how many of the directory attack attempts do you plan on redirecting? Taking a quick look a my logs for this month I see:

50 some var of phpmyadmin looking for different versions i.e. phpmyadmin-2.6.4.pl4, phpmyadmin-2.6.4.pl3, phpmyadmin-2.6.4.pl1, phpmyadmin-2.6.5, etc.

admin/ mysqladmin/ dbadmin, xampp/ pma/ _phpmyadmin/ //administrator/ ...

several var of wordpress; wp-login.php wp-signup wp-traceback and others.

And this goes on for some 600 different entries in the log.

I'm just saying that seems like a hard was to do business. I would think making sure my system was clean with no extra files laying around would be a better use of time.

JMHO
 
 Re: /wp-login.php or /phpmyadmin good location??
Author: S.Byrne   (25 Jun 14 2:41am)
If you're not running WordPress, I think redirecting /wp-login.php is worth doing. The /wp-login.php link is used to register to post a comment on many WordPress installations, so spammers are likely to test this to try registering, particularly if their spider can't find any registration link on the site (e.g. a site that does not allow registration).

I think the same holds true for Joomla sites. On one blog I look after, I actually placed the honey pot on /administrator and put fake 'Register' links on the site pointing to it, using CSS to hide the links. This did a double-purpose, it catches any bot trying to register (the blog doesn't allow registration anyway) and reduced the number of 404 errors in the logs as this link was fairly often tested, probably because the blog use to be a Joomla site which used that URL for login.



do not follow this link

Privacy Policy | Terms of Use | About Project Honey Pot | FAQ | Cloudflare Site Protection | Contact Us

Copyright © 2004–17, Unspam Technologies, Inc. All rights reserved.

contact | wiki | email