I installed my WordPress blog only 7 days ago. I never shared the link because it’s kind of my private experiment for fun. But this is the second day someone has been attacking my website. It’s a simple attack – password guessing – and there is no chance for the attacker to succeed, as I’m not their old granny and I use randomly generated passwords. Anyway, it’s exciting to be part of this cruel world!
The Sucuri plugin logs failed logins, so I’m able to see their IP address (well, gateway). According to ip-www.net it’s the Russian Federation. Saint Petersburg, to be precise. Wow! Rumors don’t lie that Russian hackers are everywhere 😀
The easiest thing would be to block their access to my IP. But AWS security groups are always permissive: they can only allow traffic, not deny it. So the only cheap way is to drop their packets using iptables:
sudo iptables -I INPUT -s 18.104.22.168 -j DROP
I googled help on StackOverflow 🙂
If you want your firewall rules restored after a reboot, then don’t forget to call iptables-save!
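The block-and-persist step above as an added example (not code from the original post): it validates the address, skips the insert when an identical rule already exists, and writes the rule set to a file. The `RULES_FILE` path is an assumption based on the Debian/Ubuntu iptables-persistent convention, and the function names and overridable `IPTABLES` / `IPTABLES_SAVE` variables are made up for this sketch.

```bash
#!/bin/sh
# Added example: idempotent "drop this source" rule plus persistence.
# Assumption: rules are reloaded at boot from RULES_FILE
# (e.g. by iptables-persistent, or `iptables-restore < "$RULES_FILE"`).
IPTABLES="${IPTABLES:-iptables}"
IPTABLES_SAVE="${IPTABLES_SAVE:-iptables-save}"
RULES_FILE="${RULES_FILE:-/etc/iptables/rules.v4}"

# Return 0 only for a dotted-quad IPv4 address with every octet in 0..255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # safe to split: only digits and dots remain
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Insert a DROP rule for one source address unless it is already present,
# then save the current rule set so the block survives a reboot.
block_ip() {
    ip=$1
    if ! is_ipv4 "$ip"; then
        echo "refusing to block invalid address: $ip" >&2
        return 2
    fi
    # -C checks for an identical rule and exits non-zero when none exists,
    # so re-running the script does not stack duplicate rules.
    if $IPTABLES -C INPUT -s "$ip" -j DROP 2>/dev/null; then
        echo "already blocked: $ip"
    else
        $IPTABLES -I INPUT -s "$ip" -j DROP || return 1
        echo "blocked: $ip"
    fi
    # iptables-save only prints the rules to stdout; the redirect persists them.
    $IPTABLES_SAVE > "$RULES_FILE"
}

# Usage (as root), with the address from the post:
#   block_ip 18.104.22.168
```

Validating the address before it reaches the command line matters once the input comes from a log file rather than from your own keyboard.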