[Durham] WordPress failed login mystery

Dougie Nisbet dougie at katsura.uk
Sun Mar 22 10:15:34 UTC 2020 

Well I thought I was on to something when I found some webpages 
referencing some config changes in .htaccess from apache 2.2 to apache 
2.4 and modified my .htaccess file accordingly.

At the moment it looks a bit like this:

<RequireAll>
AuthName "my site"
AuthType Basic
AuthUserFile <myauthfile>
Require valid-user
</RequireAll>

but I'm still getting things like this in the WordPress history:


Anonymous user from 208.113.162.0 9:52 am (7 minutes ago)
Failed to login with username "dougie" (incorrect password entered) warning
Showing 72 more

     Anonymous user from 216.10.250.0 9:43 am (15 minutes ago)
     Failed to login with username "dougie" (incorrect password entered) 
warning
     Anonymous user from 36.92.1.0 9:34 am (24 minutes ago)
     Failed to login with username "dougie" (incorrect password entered) 
warning
     Anonymous user from 93.93.129.0 9:32 am (27 minutes ago)
     Failed to login with username "dougie" (incorrect password entered) 
warning
     Anonymous user from 104.236.75.0 9:23 am (35 minutes ago)
     Failed to login with username "dougie" (incorrect password entered) 
warning
     Anonymous user from 5.196.65.0 9:15 am (43 minutes ago)
     Failed to login with username "dougie" (incorrect password entered) 
warning
     Anonymous user from 46.235.225.0 9:12 am (about an hour ago)
     Failed to login with username "dougie" (incorrect password entered) 
warning
     Anonymous user from 157.245.13.0 9:06 am (about an hour ago)
     Failed to login with username "dougie" (incorrect password entered) 
warning
     Anonymous user from 159.89.183.0 8:56 am (about an hour ago)
     Failed to login with username "dougie" (incorrect password entered) 
warning

Some (but not all) of these entries *seem* to correspond to entries in 
the apache error log. e.g.

[Sun Mar 22 09:34:47.686427 2020] [access_compat:error] [pid 20339] 
[client 36.92.1.31:40506] AH01797: client denied by server 
configuration: /var/www/katsura.uk/xmlrpc.php
[Sun Mar 22 09:37:56.952654 2020] [access_compat:error] [pid 20336] 
[client 46.235.225.189:37530] AH01797: client denied by server 
configuration: /var/www/katsura.uk/xmlrpc.php
[Sun Mar 22 09:43:31.420134 2020] [access_compat:error] [pid 26248] 
[client 216.10.250.107:50212] AH01797: client denied by server 
configuration: /var/www/katsura.uk/xmlrpc.php
[Sun Mar 22 09:52:08.240111 2020] [access_compat:error] [pid 26248] 
[client 208.113.162.87:42290] AH01797: client denied by server 
configuration: /var/www/katsura.uk/xmlrpc.php
[Sun Mar 22 09:55:07.406225 2020] [access_compat:error] [pid 20339] 
[client 93.93.129.174:58464] AH01797: client denied by server 
configuration: /var/www/katsura.uk/xmlrpc.php
[Sun Mar 22 10:02:04.728567 2020] [access_compat:error] [pid 20340] 
[client 51.77.223.62:43546] AH01797: client denied by server 
configuration: /var/www/katsura.uk/xmlrpc.php

 From what I've googled, I've a feeling this might still be something to 
do with the contents of my .htaccess file.

Dougie

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.lug.org.uk/pipermail/durham/attachments/20200322/830d7e3b/attachment.html>

More information about the Durham mailing list