multiple login failed attempts (again)

  • Resolved AlphaGeekYVR

    (@alphageekyvr)


    10 years, 12 months ago

    We recently installed WP Ops brute force on a site that now intermittently says the admin user is banned due to “multiple login failed attempts”. The thing is, this is happening to two admins logging on from different IP’s. Can you tell me if the plug-in doesn’t care about IP address but only the userid being attempted? If that’s the case, the plugin has a serious bug… you should ban based on a given IP address’s login attempts. I am pretty sure that the site is being attacked sporadically but I only see 50 records matching ‘_transient_wpso_bfp_%’ or ‘_transient_timeout_wpso_bfp_%’ in the wp_options table. NONE of these records match my IP address however at the moment so can you tell me if once the lock-out expires, the record is flushed from wp_options? Finally, IMHO (and this is a WP issue I suspect) the wp_options records really should have a time-stamp to tell you when some IP was banned – that would be very helpful. Thanks in advance for your response.

    https://ww.wp.xz.cn/plugins/bulletproof-security/

Viewing 4 replies - 1 through 4 (of 4 total)
  • Plugin Author AITpro

    (@aitpro)

    10 years, 12 months ago

    What is “WP Ops brute force”? The BPS plugin does not have/display this message/text “multiple login failed attempts”. I think maybe you posted in the wrong plugin support forum. I can answer general questions about other plugins if I have experience with them, otherwise you would get better results by asking the plugin author about that plugin.

    Plugin Author AITpro

    (@aitpro)

    10 years, 12 months ago

    User ID’s are much better to check against vs IP addresses. User ID’s per site are finite. IP addresses are basically infinite. ie there are billions of IPv4 addresses vs a finite number of User ID’s per site.

    https://en.wikipedia.org/wiki/IPv4_address_exhaustion

    IPv4 provides approximately 4.3 billion addresses…
    the successor technology to IPv4 which was designed to address this problem, supports approximately 3.4×1038 network addresses…
    which is…IPv6 can assign about 340 trillion trillion trillion: 340,282,366,920,938,463,463,374,607,431,768,211,456 IP addresses.

    Thread Starter AlphaGeekYVR

    (@alphageekyvr)

    10 years, 12 months ago

    I’m sorry AITPro, perhaps you miss-understood me. I meant that a security plug-in of this kind (bruteforce) that looks for multiple log-in attempts on WP admin accounts should block the IP address of the offender, not simply block the admin userid. As I’m a network tech, with 35+ years of Unix/Linux experience, I’m well aware of the IP address space and your post was not really relevant. In any event, I just realized that the WP forums search lead me to think that WP SecureOPS BruteForce was developed by BulletProof – my apologies, this is in the wrong forum.

    Plugin Author AITpro

    (@aitpro)

    10 years, 12 months ago

    Cool. Yep was a Network Engineer and Network Security Specialist for a couple of decades for 10,000+ node computer networks. Handled a lot of WAN/LAN router/routing/firewall configs during that time. What I have found now that my work focuses on Internet Security is that IP addresses are actually a liability if you are trying to block by IP address. What is not a liability is allow by IP address. Example: Allow your IP address vs block trillions of IP addresses. The end result is the same except for your server would not be crippled by doing an allow vs block.

    Never heard of WP SecureOPS BruteForce before. No idea what that is. 😉

    Anyway my forum site occaisonally gets brute force attacked at a rate of 1,000 login attempts per second for several days. The negative impact is .1 second page load time. Users are not aware that a brute force attack is occurring – business as usual without any negative impact. 😉

Viewing 4 replies - 1 through 4 (of 4 total)

The topic ‘multiple login failed attempts (again)’ is closed to new replies.