Limiting Login Attempts?

Resolved newvisionmedia
(@newvisionmedia)

9 years, 8 months ago

Hi,

Recently we’ve been receiving Brute force attacks via XML-RPC on one of our client’s websites. We’ve now added in the XML-RPC bonus code.

When reading up about it, we came across a recommendation of limiting the login attempts to the website. We therefore wondered if the BPS plugin has a feature to limit the amount of login attempts from an IP Address, to prevent future Brute Force attacks on other files?

Thanks in advance,
Jade.

Viewing 4 replies - 1 through 4 (of 4 total)

Plugin Author AITpro
(@aitpro)

9 years, 8 months ago

You can use this POST Attack Protection Bonus Custom Code here: http://forum.ait-pro.com/forums/topic/post-request-protection-post-attack-protection-post-request-blocker/ Please read that forum topic thoroughly because that Bonus Custom Code could block legit things.

You can use this IP based Login protection code here (or a variation of the code): http://forum.ait-pro.com/forums/topic/protect-login-page-from-brute-force-login-attacks/ but keep in mind that if you use that code then other folks will be blocked from being able to register, login, post comments, etc.
Thread Starter newvisionmedia
(@newvisionmedia)

9 years, 8 months ago
Hi,

Many thanks for the fast response, we really appreciate it. We’ve now added the coding to our site and will monitor the logs.

Whilst doing so, we took a look at recent error logs. We have numerous log entries that are similar to this one:
```
[403 GET Request: September 14, 2016 1:40 pm]
Event Code: PSBR-HPR
Solution: http://forum.ait-pro.com/forums/topic/security-log-event-codes/
REMOTE_ADDR: 81.130.145.179
Host Name: host81-130-145-179.in-addr.btopenworld.com
SERVER_PROTOCOL: HTTP/1.1
HTTP_CLIENT_IP: 
HTTP_FORWARDED: 
HTTP_X_FORWARDED_FOR: 
HTTP_X_CLUSTER_CLIENT_IP: 
REQUEST_METHOD: GET
HTTP_REFERER: 
REQUEST_URI: /wp-content/plugins/bulletproof-security/403.php
QUERY_STRING: 
HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36
```
All of the “REQUEST_URI” are leading to “/wp-content/plugins/bulletproof-security/403.php” just interested to know what this means? Or if anything is our of the ordinary?

Thanks,
Jade.
Plugin Author AITpro
(@aitpro)

9 years, 8 months ago
Typically if the Request URI shows the path to the 403.php logging template then something is setup/installed on your site to do some sort of “auto-posting”. So no it is not “normal” for the Request URI to be the path to the 403 logging template. It looks like you cannot use the POST Attack Protection Bonus Custom Code on this site and will have to delete it.
- This reply was modified 9 years, 8 months ago by AITpro.
Plugin Author AITpro
(@aitpro)

9 years, 8 months ago
Assuming all questions have been answered – the thread has been resolved. If the issue/problem is not resolved or you have additional questions about this specific thread topic then you can post them at any time. We still receive email notifications when threads have been resolved.
- This reply was modified 9 years, 8 months ago by AITpro.

Viewing 4 replies - 1 through 4 (of 4 total)

The topic ‘Limiting Login Attempts?’ is closed to new replies.

Tags