|Google's public DNS server is trying to "hack" my site?||AA1974||11/13/12 11:41 PM|
I've read the FAQs and the searched the help center.
My URL is:
I have a Wordpress site. It has the Wordfence plugin installed and activated.
One of the features of Wordfence is that it notifies you when someone tries and fails to login to your site.
If they're successful, you get a warning that someone logged in, and that they're an admin for instance.
Well on November 5th, I got one of those "failed" emails:
[Wordfence Alert] User locked out from signing in
This alert was generated by Wordfence on “Archaic Arcane” at Monday 5th of November 2012 at 11:20:53 PM
A user with IP address 220.127.116.11 has been locked out from the signing
in or using the password recovery form for the following reason: Used an
invalid username to try to sign in.
As you can see, this is Google’s public DNS…..
I posted first on the Wordfence forums: https://www.wordfence.com/forums/topic/google-dns-just-tried-to-log-into-my-site/ to see if anyone had any insight, or if anyone else had seen this behaviour.
A handful of other people have seen it, and are bothered by it.
One person said that they had 10 attempts before the software locked that same IP out. I have my software set up to punt someone like that after one failed attempt.
It's simply not cool to attempt to crack a website's Admin password, and that appears to be what this traffic is trying to do. And I'm pretty sure Google knows better than this.
I guess my question is, why is someone, or something originating at a google IP address, for a DNS server yet, that does not seem to be a crawler, trying to log into the admin area of my and other people's websites?
This is not crawling. Crawling doesn't trigger these emails, only login attempts.
I can supply weblogs for the timeframe in question.
Does anyone have any insight into this?
|Re: Google's public DNS server is trying to "hack" my site?||Robbo||11/14/12 2:49 AM|
Have you checked who User IP: 18.104.22.168 actually belongs to? Best to use an independent reverse IP checking tool for that.
|(unknown)||11/14/12 4:35 AM||<This message has been deleted.>|
|Re: Google's public DNS server is trying to "hack" my site?||Kevin Graham||11/14/12 4:40 AM|
Same happened on my site about 10:00 last Saturday evening. User from 22.214.171.124 attempted log in until my software locked them out. This is very unsettling to know that this points back to Google. I informed Google through an email to securityatgoogle.com. I have not heard anything back yet. It would be appreciated to at least get some response back.
***NOTICE OF CONFIDENTIALITY: This message
contains confidential information and is intended only for the individual or
|Re: Google's public DNS server is trying to "hack" my site?||Lysis||11/14/12 4:43 AM|
It's probably someone spoofing.
|Re: Google's public DNS server is trying to "hack" my site?||Becky Sharpe||11/14/12 6:12 AM|
|Re: Google's public DNS server is trying to "hack" my site?||JohnMu||11/14/12 7:10 AM|
Thanks for posting! Unfortunately, this falls a bit outside of the range of web-search issues that we cover here. My recommendation would be to post in the Google public DNS forums at https://developers.google.com/speed/public-dns/groups , where their engineers are generally quick in following up on issues that are reported there.
Hope it helps!
|Re: Google's public DNS server is trying to "hack" my site?||AA1974||11/14/12 1:25 PM|
Thanks John, I will redirect my query there.
|Re: Google's public DNS server is trying to "hack" my site?||AA1974||11/14/12 1:27 PM|
It's quite well known that 126.96.36.199 is google's public DNS server.
Or did I miss what you were saying?