[Resolved] Antipole

    (@antipole)


    I am using AIOWP and love it. Just one of my web sites is getting a persistent brute force attack. I have it set to lock out for an hour after 3 tries and I have a long random password, so the chances of the attacker guessing right are slim. But it is annoying. Not sure what else I can do to rid myself of this.

    1. I have changed the login page name
    2. I do not have an account name of admin
    3. Surprisingly, the attacker is guessing my user name correctly (my known name), presumably by deduction from my presence on the web site. I want to keep my user name for other users’ convenience. From this I deduce that it is the same attacker (or the same attack bot) each time.
    4. Each attack comes from a different IP address, so I cannot forestall them that way.
    5. I cannot restrict logins to be only from a known IP address because of various legitimate logins
    6. I have turned on the honeypot to no effect
    7. I have the built-in CAPTCHA turned on

    Yet still I am getting the ‘A lockdown event has occurred due to too many failed login attempts or invalid username:’ message 2-3 times a day. It’s been going on for weeks. I imagine that a filled-in honeypot or wrong CAPTCHA still counts as a failed login and hence towards the count when the lockdown occurs.

    What more can AIOWP or I do? Any advice appreciated.

Viewing 7 replies - 1 through 7 (of 7 total)
    Plugin Contributor mbrsolution

    (@mbrsolution)

    Hi, do you have any of the following enabled? These are located under WP Security -> Firewall -> Basic Firewall Rules.

    1. Completely Block Access To XMLRPC:
    2. Disable Pingback Functionality From XMLRPC:
    • This reply was modified 9 years, 4 months ago by mbrsolution.
    Thread Starter Antipole

    (@antipole)

    @mbrsolution I have Basic Firewall Protection enabled, but do NOT have the two you list enabled.

    I hope for further guidance – thanks.

    Plugin Contributor mbrsolution

    (@mbrsolution)

    Hi (@antipole), can you enable Completely Block Access To XMLRPC if you are not logging in via any mobile device? Then report back after a few days.

    Thank you

    Thread Starter Antipole

    (@antipole)

    @mbrsolution… I find that since turning on CAPTCHA there has been a big reduction in lockouts – one every few days rather than every day. It is no longer possible for 1Password to automatically log me on, but workable.

    Today I will turn on Completely Block Access To XMLRPC for a week as an experiment and report back. I do not want to keep it on permanently.

    Thank you for your interest.

    Thread Starter Antipole

    (@antipole)

    An update… I turned on Completely Block Access To XMLRPC on 15th Feb and had no lockouts due to attacks to 26th Feb, when I turned it off as an experiment. Since then there has been one lockout every day.

    I conclude: the attacks are exploiting XMLRPC.

    I shall now block access again as I am not presently using app access.

    Thanks for your help.
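
    The toggling experiment above is a sound way to identify the channel, but the web server’s access log can confirm it directly: XML-RPC methods such as wp.getUsersBlogs take a username and password on every call, so guesses sent to /xmlrpc.php never touch the (renamed) login page or its CAPTCHA. The script below is an added example, not code from the thread or from the AIOWP plugin. It parses Apache/nginx “combined” log lines, counts POSTs to /xmlrpc.php and to the login page per client IP, and flags sources that look like XML-RPC brute force. The log lines are constructed for the demonstration (documentation-range IPs, made-up timestamps) and the login path /my-secret-login is an assumption, since the thread renames the login page without saying to what.

```python
"""Check web-server access logs for XML-RPC brute force.

Added example; not from the support thread or the plugin. Assumes the
Apache/nginx "combined" log format. Point summarize() at the real access
log to confirm which channel the failed logins arrive through, and to
verify (via 403 counts) that a block on xmlrpc.php is actually in effect.
"""
import re
from collections import defaultdict

# Constructed sample log lines for the demonstration. The IPs are from the
# documentation ranges and the timestamps are made up. /my-secret-login is an
# assumed name for the renamed login page. Two clients hammer xmlrpc.php
# (one request of 203.0.113.7 is already rejected with 403); one client
# performs a single normal login.
SAMPLE_LOG = """\
203.0.113.7 - - [16/Feb/2016:03:12:01 +0000] "POST /xmlrpc.php HTTP/1.1" 200 412 "-" "Mozilla/5.0"
203.0.113.7 - - [16/Feb/2016:03:12:02 +0000] "POST /xmlrpc.php HTTP/1.1" 200 412 "-" "Mozilla/5.0"
203.0.113.7 - - [16/Feb/2016:03:12:03 +0000] "POST /xmlrpc.php HTTP/1.1" 200 412 "-" "Mozilla/5.0"
198.51.100.21 - - [16/Feb/2016:03:12:05 +0000] "POST /xmlrpc.php HTTP/1.1" 200 9812 "-" "Mozilla/5.0"
198.51.100.21 - - [16/Feb/2016:03:12:06 +0000] "POST /xmlrpc.php HTTP/1.1" 200 9812 "-" "Mozilla/5.0"
192.0.2.44 - - [16/Feb/2016:08:30:10 +0000] "GET /my-secret-login HTTP/1.1" 200 3302 "-" "Mozilla/5.0"
192.0.2.44 - - [16/Feb/2016:08:30:25 +0000] "POST /my-secret-login HTTP/1.1" 302 0 "-" "Mozilla/5.0"
203.0.113.7 - - [16/Feb/2016:03:12:04 +0000] "POST /xmlrpc.php HTTP/1.1" 403 199 "-" "Mozilla/5.0"
"""

# Combined log format: ip ident user [timestamp] "METHOD path proto" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)'
)


def parse_line(line):
    """Return a dict for one combined-format line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    rec["size"] = 0 if rec["size"] == "-" else int(rec["size"])
    rec["path"] = rec["path"].split("?", 1)[0]  # drop any query string
    return rec


def summarize(log_text, login_path="/wp-login.php"):
    """Per-IP counts of POSTs to xmlrpc.php and to the login page.

    xmlrpc_blocked counts xmlrpc.php POSTs answered with 403, which is what a
    working block on the endpoint should produce. max_xmlrpc_resp records the
    largest xmlrpc.php response seen: unusually large responses hint that a
    request batched many calls through system.multicall, but treat it only as
    a hint, since the request body itself is not in the access log.
    """
    stats = defaultdict(lambda: {"xmlrpc_posts": 0, "xmlrpc_blocked": 0,
                                 "login_posts": 0, "max_xmlrpc_resp": 0})
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["method"] != "POST":
            continue  # skip unparsable lines and non-POST traffic
        s = stats[rec["ip"]]
        if rec["path"].endswith("/xmlrpc.php"):
            s["xmlrpc_posts"] += 1
            if rec["status"] == 403:
                s["xmlrpc_blocked"] += 1
            s["max_xmlrpc_resp"] = max(s["max_xmlrpc_resp"], rec["size"])
        elif rec["path"] == login_path:
            s["login_posts"] += 1
    return dict(stats)


def flag_xmlrpc_abusers(stats, threshold=3):
    """IPs with at least `threshold` POSTs to xmlrpc.php, busiest first."""
    hits = [(ip, s["xmlrpc_posts"]) for ip, s in stats.items()
            if s["xmlrpc_posts"] >= threshold]
    return [ip for ip, _ in sorted(hits, key=lambda t: (-t[1], t[0]))]


if __name__ == "__main__":
    stats = summarize(SAMPLE_LOG, login_path="/my-secret-login")
    for ip, s in sorted(stats.items()):
        print(ip, s)
    print("likely XML-RPC brute force from:", flag_xmlrpc_abusers(stats))
```

    Run it as `python3 check_xmlrpc.py < /dev/null` after replacing SAMPLE_LOG with the contents of the real access log (or read the file into summarize()). If the lockouts coincide with bursts of xmlrpc.php POSTs from the flagged IPs while the login page sees none, the conclusion drawn above is confirmed; once the block is re-enabled, the same IPs should show up only under xmlrpc_blocked.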

    Plugin Contributor mbrsolution

    (@mbrsolution)

    You are most welcome. If your issue is resolved can you mark this support thread as resolved.

    Thank you

    Thread Starter Antipole

    (@antipole)

    Yes – will mark as resolved – thank you.

    There remains, of course, the issue of the vulnerability of the XMLRPC interface, but that is, presumably, a WordPress issue rather than yours.


The topic ‘Persistent brute force attempts’ is closed to new replies.