Cerber doesn't enter Citadel Mode

  • Resolved Kadal

    (@kadal)


    10 years, 4 months ago

    Hi, I like the plugin but today something weird is happening.

    In the last four hours I had over 100 attempted logins. Cerber sends me a notification that the number of blocked IPs went up with each attempt. That’s ok so far.

    My initial setting for entering the citadel mode was 100 attempts in 180 minutes. Since the attempts are more strethed out, during the attack I changed it to 3 attempts during 180 minutes. That didn’t help. No citadel mode 🙁 Any advice? The attacks come from different IPs, I guess that’s what’s called a botnet.

    The citadel mode isn’t enabled means I get no notification email about it and if I try to access the admin-panel with a different IP than the one I’m logged in from, it works too.

    I’m running the latest version of the plugin (1.8.1.).

    Thanks already & best regards
    Alex

    https://ww.wp.xz.cn/plugins/wp-cerber/

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Author gioni

    (@gioni)

    10 years, 4 months ago

    Hi Kadal!

    That’s really weird.
    First of all, please make sure that you didn’t put IPs of attacker in the Black IP Access List. All attempts to log in from IPs in this list can’t make Citadel Mode active.
    Then, please make sure that you see all failed attempts marked as Locked out on the Activity tab within time frame you have set for Threshold.
    Finally, you can set Threshold to low value (1/30) and then generate failed attempts manually. Will it work?

    Thread Starter Kadal

    (@kadal)

    10 years, 4 months ago

    Hi Gioni,

    thanks for the quick response! The IPs are not on the Black IP Access List, so that’s not the problem.

    But all IPs are shown as “IP blocked” in the “Activity” tab. None of them is shown as “Locked out”. In the tab Lockouts the IPs are shown though.

    A weird thing is anyway, that in the last two columns of the “Activity” tab, “Local user” and “Username used”, there are no entries, for none of them.

    I tried manually via my mobile connection now with two different IPs and was able to initiate the citadel mode after the third time. So maybe the problem solved itself..? Don’t really get it. I will watch the alarm for new blocked IPs and will get beck to you once I see if the citadel also activates for these attacks.

    Thanks a lot and have a good start in the week!
    Alex

    Plugin Author gioni

    (@gioni)

    10 years, 4 months ago

    Glad to hear that! There is some notes.
    “IP blocked” means action taken by the plugin when remote IP did something that is prohibited in the settings of the plugin.
    “Locked out” means that IP tried to do something while it was in the blocked status (you can see these IPs on Lockouts tab).
    If you don’t see any name in the “Local user” and “Username used” columns that means that IP tried get access to wp-login.php, but it was blocked.
    Best wishes for your future!

Viewing 3 replies - 1 through 3 (of 3 total)

The topic ‘Cerber doesn't enter Citadel Mode’ is closed to new replies.