apache's mod_security comes in pretty handy for reducing the cpu load caused by these attacks; we've seen many sites we host getting hammered on the wp-login.php page from these bots.
Here's the rules that block the bad requests: https://docs.google.com/document/d/1wCpp7U5uOw_krEkQrm9NXFf2LjpGvlZ7uoOK 0Ok4LGM/pub David > -----Original Message----- > From: Damian Menscher [mailto:dam...@google.com] > Sent: Monday, April 15, 2013 7:17 AM > To: Steve > Cc: nanog@nanog.org > Subject: Re: [ PRIVACY Forum ] Huge attack on WordPress sites > > FYI, the "new" part of this news is that the current botnet > is 10x larger > than the one you're thinking of. > > Damian > > > On Sat, Apr 13, 2013 at 5:39 AM, Steve <angst1...@yahoo.com> wrote: > > > This is pretty old news , this "super bot-net" of > compromised Wordpress > > sites ( and others) has been attacking since September > > > > Sent from my iPhone > > > > ONANOG Digest, > > > ************************************* > > > > > >
