Hi Jan:
That’s the network component of the IP address, which is what’s used for counting the failures. The full address is in the <prefix>login_security_solution_fail table.
I’m curious, which version of the plugin were you using when that email was sent, please?
Thanks,
–Dan
I am using the latest version
I went to the table and I saw the logs. I am curious why the suspected attacker is able to use my username even though i am using a username that is not common.
in the table there are attempts of using usernames as root, admin, webmaster and suprisingly, it also have entries of failed attempt using my real username.
Does it imply the attacker is somehow gaining access to some data?
Thanks
Hi Jan:
By latest version, you mean 0.23.0? Hmm, and it’s still sending the emails with 0 counts. Alas.
The failures with your user name could be due to auth cookies? Did you change your password? Are you using multiple browsers? Do the times match the times you were looking at the site.
Or the attacker deduced your user name from the site name or the user name on your postings.
–Dan
Yes that is my version. But that log may have been log before i upgrade to latest version. I randomly choose it from the table.
I changed my password because I was locked down. The log said there was a successful intrusion that is why the username password reset is required.
When i check the logs, the IP of the alleged intruder was my IP.
But the real suspected attacker IP has several logs using my real username.
Yes I am using multiple browser to test my website.
I am not posting using my wp owner/admin account
By the way. I am starting to appreciate your plugin. it seems that there are many intrusion attempt I was missing before.
Thanks
Hi Dan and Jan,
Thanks for the plugin. I experience the first attack today, with the version 0.34.0.
I received a notice of attack, but without the last octet of the IP. Is it possible in a next release to show the full IP?
Like Jan I was surprised my username had been found with no display in comments or elsewhere, and no obvious quoting in the site.
It’s fairly easy to guess an administrator’s username.
It’s usually the author name.
Here are a couple of ways they can guess at it.
Using their browser they could do the following (where example.com is your domain).
example.com/author/
That above could reveal any posts that were created by any authors of the site.
Or they could try this:
example.com/?author=1
example.com/?author=2
example.com/?author=3
and so on.
More than likely a lower number is the username of an admin.
