i tired inputing this on my .htaccess file via SSH but it didn’t work:
<FilesMatch “^(wp-config\.php|php\.ini|php5\.ini|readme\.html|bb-config\.php)”>
Order Allow,Deny
Deny from all
#Allow from (our IP – not going to write it here)
deny from compute.amazonaws.com
deny from compute-1.amazonaws.com
</FilesMatch>
the full user host name changed with each lock out.
here is one:
User Hostname: ec2-52-19-14-28.eu-west-1.compute.amazonaws.com
but it always ends in
compute.amazonaws.com
or
compute-1.amazonaws.com
do i have to write my code a bit differently to indicate it is the user name ending in
compute.amazonaws.com
or
compute-1.amazonaws.com
?
thanks
Plugin Author
AITpro
(@aitpro)
Those are just amazon bots crawling your sites and probably not something that you need to do anything about. Is everything working corrrectly? Post one of the BPS Security Log entries so I can take a look at it.
well we get lock outs every time the bots crawl our sites and the clients can’t login.
Plugin Author
AITpro
(@aitpro)
hi, ya it didn’t work.
here is one of the logs. i just took out our info. each one of our sites got around 5 lock outs per day during the last 2 days and we have 20 sites.
A User Account Has Been Locked
To take further action go to the Login Security page. If no action is taken then the User will be able to try and login again after the Lockout Time has expired. If you do not want to receive further email alerts change or turn off Login Security Email Alerts.
What to do if your User Account is locked and you are unable to login to your website: Use FTP or your web host control panel file manager and rename the /bulletproof-security plugin folder name to /_bulletproof-security. Log into your website. Rename the /_bulletproof-security plugin folder name back to /bulletproof-security. Go to the BPS Login Security page and unlock your User Account.
What to do if your User Account is being locked repeatedly: Additional things that you can do to protect publicly displayed usernames, not exposing author names/user account names, etc.: http://forum.ait-pro.com/forums/topic/user-account-locked/#post-12634
Username: ######
Status: Locked
Role: administrator
Email: ########
Lockout Time: February 4, 2016 10:07 pm
Lockout Time Expires: February 4, 2016 11:07 pm
User IP Address: ########
User Hostname: ec2-52-193-52-39.ap-northeast-1.compute.amazonaws.com
Request URI: /wp-login.php
Site: #########
Plugin Author
AITpro
(@aitpro)
BPS Pro comes with a CAPTCHA with a spambot trap that is 100% effective at stopping bot lockouts so look around for a free plugin that does something similar. CAPTCHA’s are the #1 most effective way at stopping automated bot login attempts.
Plugin Author
AITpro
(@aitpro)
Just checking in on your progress. Any luck on stopping these dummies?
Thread Start Date: 1-8-2016
Current Date: 1-15-2016
Plugin Author
AITpro
(@aitpro)
Just checking in on your progress. Any luck on stopping these dummies?
Thread Start Date: 1-8-2016
Current Date: 1-17-2016
Plugin Author
AITpro
(@aitpro)
Assuming all questions have been answered – the thread has been resolved. If the issue/problem is not resolved or you have additional questions about this specific thread topic then you can post them at any time. We still receive email notifications when threads have been resolved.
Thread Start Date: 2-8-2016
Thread Resolved/Current Date: 2-22-2016
