Cron Job For Email

Avatar
  • updated
  • Answered
I read a post somewhere on this site about brute force attacks on WordPress sites and followed some directions for sending a daily log, but I misconfigured the job. Now I cannot find either the post or the entry point on cpanel to correct my error.
The subject line of the daily email is "egrep "POST .*wp-login.php" ~/access-logs/chaindriven.net | awk '{print $1,$4,$5,$6,$7,substr($0, index($0,$12))}' | awk '{print $1}' | sort -n | uniq -c | sort -n | sed 's/[ ]*//'"
and I am pretty sure my mistake is that I put the site path in incorrectly. Can you orient me please?
Thanks,
Avatar
IMH Support Agent 2

Hello!

Sorry for the issue with the CRON job!  I took a close look and found the article you're referring to.  The file structure containing the log file is now called LOGS.  Also all files in there are automatically compressed as GZIP files.  Change "access-logs" to "logs" (no quotation marks) and see if the CRON works.  I wasn't 100% sure that the compressed file could be searched with the provided REGEX command, but try it first.  If you continue to have problems, submit a ticket to our live technical support team.  I will also have the code checked to make sure that it still applies.  

Avatar
site visitor

Returned to my previous post with the same question once again.  Found the answer after much searching of the site.  Posting for the next person's sake.  Jeff--thanks but that's not what i was asking. 
 
Link is: https://www.inmotionhosting.com/support/edu/wordpress/review-wordpress-login-attempts/  
scroll down to the section on "Setup a cronjob to email WordPress login attempts" to see what i as asking about. 
likewise, I found that link off of this page: https://www.inmotionhosting.com/support/edu/wordpress/wp-login-brute-force-attack/  

Avatar
JeffMa
Thanks for your question about cron job for email. This script alone will be able to display any login attempts to your wp-login.php file, but will not send any emails out. To send an email with the IP addresses of any WordPress logins, you'll want to use something like this:

egrep "POST .*admin-ajax.php" ~/access-logs/example.com | awk '{print $1,$4,$5,$6,$7,substr($0, index($0,$12))}' | awk '{print $1}' | sort -n | uniq -c | sort -n | sed 's/[ ]*//' | mail -s "Report" [email protected]

Of course, be sure to replace [email protected] with the email address that you want it sent to. One other addition that I recommend in this script would be to use grep -v to filter our your own IP address. This can be accomplished like this:

egrep "POST .*admin-ajax.php" ~/access-logs/example.com | grep -v 123.123.123.123 | awk '{print $1,$4,$5,$6,$7,substr($0, index($0,$12))}' | awk '{print $1}' | sort -n | uniq -c | sort -n | sed 's/[ ]*//' | mail -s "Report" [email protected]