Bruteforce attack from 127.0.0.1?

I've got a very strange problem. Actually my server is being attacked by a brute force on wp-login.php. But when I look into the access log file I see that it's from 127.0.0.1...

www.*.fr:80 127.0.0.1 - - [29/Apr/2015:18:23:01 +0200] "POST /wp-login.php HTTP/1.0" 200 6254 "-" "-"
www.*.fr:80 127.0.0.1 - - [29/Apr/2015:18:23:01 +0200] "POST /wp-login.php HTTP/1.0" 200 6254 "-" "-"
www.*.fr:80 127.0.0.1 - - [29/Apr/2015:18:23:01 +0200] "POST /wp-login.php HTTP/1.0" 200 6254 "-" "-"
www.*.fr:80 127.0.0.1 - - [29/Apr/2015:18:23:01 +0200] "POST /wp-login.php HTTP/1.0" 200 6254 "-" "-"
www.*.fr:80 127.0.0.1 - - [29/Apr/2015:18:23:01 +0200] "POST /wp-login.php HTTP/1.0" 200 6254 "-" "-"
www.*.fr:80 127.0.0.1 - - [29/Apr/2015:18:23:01 +0200] "POST /wp-login.php HTTP/1.0" 200 6254 "-" "-"
www.*.fr:80 127.0.0.1 - - [29/Apr/2015:18:23:01 +0200] "POST /wp-login.php HTTP/1.0" 200 6254 "-" "-"
www.*.fr:80 127.0.0.1 - - [29/Apr/2015:18:23:02 +0200] "POST /wp-login.php HTTP/1.0" 200 6254 "-" "-"

I don't know what to do to stop that because by default fail2ban doesn't scan 127.0.0.1.

Do you have any idea ?

THanks !

Topic heartbeat-api hacked Wordpress

Category Web

About

Geeks Mental is a community that publishes articles and tutorials about Web, Android, Data Science, new techniques and Linux security.