Constant Lockdown Events

  • Resolved Jonah1968

    (@jonah1968)


    10 years, 7 months ago

    Constant Lockdown Events

    I have the free All In One WP Security and Firewall plugin.

    Great plugin guys.

    However:-

    I am getting multiple lockdown notifications from multiple IP address attempts at accessing my websites.

    Most attempts are through using the ‘Admin’ login, which none of my sites have. (WordPress needs to actively prevent ‘Admin’ from being used by anyone).

    However, many login attempts are also using my admin username, which has been changes multiple times also?

    I am blacklisting these IP addresses but this only seems to be a temporary measure as the lockdowns continue to happen.

    I appreciate that the All In One Plugin is doing its job (and it is) but how are they managing to find and attempt to login using my username, which has been changed multiple times already? Where are they managing to get this from?

    I use a password generator and change them frequently so the chances of them getting through is slim but my usernames are not easy to figure out but they are managing to do this. How?

    This is just a sample of the IP addresses that are trying to log in using Admin or username:-

    178.217.187.39
    96.47.226.20
    78.108.63.46
    193.34.116.18
    188.138.9.49
    94.242.246.23
    89.31.57.5
    109.163.234.4
    62.210.105.116
    107.181.174.84
    37.48.109.138
    92.222.28.243
    94.242.228.187
    129.123.7.6
    85.10.210.199
    178.63.97.34
    194.150.168.95
    212.47.226.136
    176.10.99.201
    185.17.144.138
    46.165.230.5
    106.185.38.*
    176.9.25.*
    213.252.140.*
    37.130.227.*
    46.29.248.*
    62.210.37.*
    85.10.210.*
    91.200.12.*
    91.200.12.138
    91.200.12.139
    91.210.145.*
    91.210.145.246
    91.210.146.*
    91.210.146.73
    91.210.147.*
    91.210.147.10
    106.185.38.*
    176.9.25.*
    213.252.140.*
    37.130.227.*
    46.29.248.*
    62.210.37.*
    85.10.210.*
    91.200.12.*
    91.200.12.138
    91.200.12.139
    79.98.107.*
    89.234.157.254
    176.10.99.200
    185.14.29.221
    37.187.129.166

    Quite alarming that some people have nothing better to do!

    Can the wordpress community do something about these IP addresses?

    I have used the function within the All In One plugin to blacklist them all.

    Is that the right thing to be doing?

    What else can be done?

    There is no reason, other than fraud and criminal activity, why anyone should be attempting to login through the backend of any website or blog. .

    Additionally, I have changed my admin login url through the plugin so it doesn’t use the standard wp-admin format. So how are they managing to even access and open the wordpress login page?

    Admittedly, before installing this plugin I had no way of knowing that these attacks where happening so frequently. The annoyance is the email notifications that I am getting. Dozens per day.

    https://ww.wp.xz.cn/plugins/all-in-one-wp-security-and-firewall/

Viewing 4 replies - 1 through 4 (of 4 total)
  • Plugin Contributor mbrsolution

    (@mbrsolution)

    10 years, 7 months ago

    Hi have you enabled any of the Brute Force features?

    Thread Starter Jonah1968

    (@jonah1968)

    10 years, 7 months ago

    Hi, thanks for the prompt response.

    Under the ‘Brute Force’ heading I had enabled;-

    Renamed Login Page Settings
    Login Captcha
    Honey Pot

    I had not enabled the ‘Cookie Based Brute Force Function’ because I had already enabled the ‘Rename Login Page’ function.

    I have now enabled the ‘Cookie Based Brute Force Function’ which has automatically disabled the ‘Rename Login Page’ function.

    Seems that the ‘Rename Login Page’ function is a redundant function given that it didn’t do what it was supposed to do given that whoever was attempting to login was able to access the wp-login page regardless of me renaming that page.

    Plugin Contributor mbrsolution

    (@mbrsolution)

    10 years, 7 months ago

    Hi you might also want to enable the following Enable Pingback Protection: under Firewall tab.

    Both Brute Force features do protect people from accessing the login page. Most of the time it is the Enable Pingback Protection: feature not enabled that allow people to find an open door.

    If your issue is now resolved can you mark this support thread as resolved.

    Thank you

    Thread Starter Jonah1968

    (@jonah1968)

    10 years, 7 months ago

    Thanks, will enable the Pingback function too.

    Resolved

Viewing 4 replies - 1 through 4 (of 4 total)

The topic ‘Constant Lockdown Events’ is closed to new replies.