• Resolved dgrl

    (@dgrl)


    Hi

    Where can I submit a possible bug?
    Don't know for sure if it is a bug or not.


    If we “Enable brute force attack prevention:” then the system will deposit a special cookie in your browser which will allow you access to the WordPress administration login page.
    Any person trying to access your login page who does not have the special cookie in their browser will be automatically blocked.

    Which is very nice until the moment comes when you need to clean your browser from history / cookies.

    From that moment the admin does not have access anymore, i.e. you're locked out.

    Anyone know how to fix this and/or prevent the browser from deleting this special cookie?

    Regards

    • This topic was modified 3 years ago by dgrl.
Viewing 15 replies - 1 through 15 (of 19 total)
  • Plugin Support hjogiupdraftplus

    (@hjogiupdraftplus)

    Hi @dgrl

    Once you have enabled cookie based brute force, you should try to access the site with the secret word, i.e. {site_url}?{secret_word}=1. It will set the cookie again, which is valid for the next 24 hrs and will allow access to the login page; otherwise it will redirect to 127.0.0.1.

    If you have enabled it and forgot the {secret_word}, define AIOS_DISABLE_COOKIE_BRUTE_FORCE_PREVENTION as true in wp-config.php and try to access wp-login.php (or the renamed login page); it will disable the cookie based brute force.

    define('AIOS_DISABLE_COOKIE_BRUTE_FORCE_PREVENTION', true);

    Thread Starter dgrl

    (@dgrl)

    Hi,

    Thanks for the answer.

    Where can I post a video? Coz it is not working. Simple.

    I know my secret word. I copied the URL from the admin area and use it to login yet it says access denied.

    Regards

    Plugin Support hjogiupdraftplus

    (@hjogiupdraftplus)

    Hi @dgrl,

    It might be that a login whitelisted IP is not being used to log in; that is why it is showing access denied 403 forbidden.

    Please define AIOS_DISABLE_LOGIN_WHITELIST in wp-config.php and try access with.

    define( 'AIOS_DISABLE_LOGIN_WHITELIST', true );

    After login, make sure you have a static IP address; both IPv4 and IPv6 can be detected as your IP, so both have to be static and whitelisted.

    Regards

    Thread Starter dgrl

    (@dgrl)

    I know my own IP. I make the whitelisting my own. Copy my own IP into the plugin. Log out, clean browser, use the URL that has my secret word in it, yet it says access denied. All within the same 2 minutes.

    I don't have static IPv6 but I do have static IPv4.

    • This reply was modified 3 years ago by dgrl.
    Plugin Support hjogiupdraftplus

    (@hjogiupdraftplus)

    Hi @dgrl

    It could be that the IPv6 got detected as your IP address, not the IPv4; use the AIOS_DISABLE_LOGIN_WHITELIST constant to disable it.

    Also, please cross-check that you have the correct IP detection settings set in the WP Security > Settings > Advanced settings tab, as per https://whatismyipaddress.com/

    Regards

    Thread Starter dgrl

    (@dgrl)

    Ok, I'll try to figure that out.

    Thanks so far for all the help!

    Plugin Support hjogiupdraftplus

    (@hjogiupdraftplus)

    Hi @dgrl

    Ok, keep me updated.

    Regards

    Thread Starter dgrl

    (@dgrl)

    Hi @hjogiupdraftplus

    On the brute force page I can enable “rename login page” and “Cookie based brute force prevention” but I do need to disable the “Login whitelist”.
    Don't know why, but it works fine after disabling the login whitelist function.

    Regards

    • This reply was modified 3 years ago by dgrl.
    Plugin Support hjogiupdraftplus

    (@hjogiupdraftplus)

    Ok,

    Please cross-check that you have the correct IP detection settings set in the WP Security > Settings > Advanced settings tab, as per https://whatismyipaddress.com/

    The reason might be that the IPv6 got detected instead of the static IPv4. It depends on your networking and on whether the hosting has IPv6 enabled.

    Regards

    Thread Starter dgrl

    (@dgrl)

    I cannot choose IPv4 for some reason. And I use Cloudflare and have dynamic IPv6.

    Plugin Support hjogiupdraftplus

    (@hjogiupdraftplus)

    Hi @dgrl

    Ok, please try to login whitelist your IPv6 range. If it works, then your internet connection changes only the last 2 sections of the IPv6, or you might need to use /48.

    2001:db8:1263:af15:2::/100

    https://www.crucial.com.au/blog/2011/04/15/ipv6-subnet-cheat-sheet-and-ipv6-cheat-sheet-reference/

    Thread Starter dgrl

    (@dgrl)

    Hi @hjogiupdraftplus. From what I noticed, it looks like the last 4 sections of my IPv6 change.
    I would like to really whitelist only 1 specific IP to enter the login page. Not a range, since that will still leave a door open.
    How can I configure this plugin in such a way that it will detect IPv4 instead of IPv6? (For the brute force “login whitelisting” tab?)

    Plugin Support hjogiupdraftplus

    (@hjogiupdraftplus)

    Hi @dgrl

    The AIOS plugin depends on the $_SERVER variable provided by the hosting, and it depends on your internet connection which IP address, IPv4 or IPv6, is used for the browser request. Only if you have a static IPv4 and IPv6, and you enter them as whitelisted IPs or they are within a whitelisted IP range, will it match and be allowed to see the login page.

    Regards
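
An added illustration, not part of the thread and not the plugin's own code: how a whitelist match turns out depending on which `$_SERVER` value supplies the client address, and why a static IPv4 entry or a narrow IPv6 range can both miss. The helper name `ip_matches`, the use of `HTTP_CF_CONNECTING_IP` as the forwarded-address key, and every address are assumptions made for the example.

```php
<?php
// Added example, not the plugin's code. Addresses are constructed
// documentation values; the $_SERVER keys mirror a site behind a proxy.

/** True if $ip lies inside $entry (a single address or a CIDR range). */
function ip_matches(string $ip, string $entry): bool
{
    [$net, $bits] = array_pad(explode('/', $entry, 2), 2, null);
    $ipBin  = @inet_pton($ip);
    $netBin = @inet_pton($net);
    // A 4-byte IPv4 entry can never match a 16-byte IPv6 client address.
    if ($ipBin === false || $netBin === false || strlen($ipBin) !== strlen($netBin)) {
        return false;
    }
    $max = strlen($ipBin) * 8;
    if ($bits !== null && (!ctype_digit($bits) || (int) $bits > $max)) {
        return false;                       // reject malformed prefix lengths
    }
    $bits = ($bits === null) ? $max : (int) $bits;
    $full = intdiv($bits, 8);               // whole bytes that must be equal
    if (strncmp($ipBin, $netBin, $full) !== 0) {
        return false;
    }
    $rest = $bits % 8;                      // leftover bits in the next byte
    if ($rest === 0) {
        return true;
    }
    $mask = (0xFF << (8 - $rest)) & 0xFF;
    return (ord($ipBin[$full]) & $mask) === (ord($netBin[$full]) & $mask);
}

// Constructed request: the proxy connects from 198.51.100.7 and forwards the
// visitor's IPv6 address. Trust a forwarded header only when REMOTE_ADDR is
// really the proxy, since clients can send that header themselves.
$server = [
    'REMOTE_ADDR'           => '198.51.100.7',
    'HTTP_CF_CONNECTING_IP' => '2001:db8:1263:af15:91c4:7e02:5b3d:a001',
];
$whitelist = ['192.0.2.10', '2001:db8:1263:af15:2::/100', '2001:db8:1263:af15::/64'];

foreach (['REMOTE_ADDR', 'HTTP_CF_CONNECTING_IP'] as $key) {
    $ip = $server[$key];
    foreach ($whitelist as $entry) {
        printf("%-22s %-40s %-28s %s\n", $key, $ip, $entry,
            ip_matches($ip, $entry) ? 'allow' : 'deny');
    }
}
```

Run with `php` on the command line: only the `/64` entry checked against the forwarded IPv6 address allows the request, because the IPv4 entry is a different address family and the `/100` range also pins groups that change. A `/64` is the standard size of a single IPv6 LAN.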

    Thread Starter dgrl

    (@dgrl)

    @hjogiupdraftplus

    The problem is that I have a static IPv4 and a dynamic IPv6.

    For the IPv6 I noticed the first 4 parts are always the same and the second 4 are always changing.

    I don't want to whitelist a range of IPv6 numbers since this leaves a door open for other people in that range to gain access.

    Regards

    • This reply was modified 3 years ago by dgrl.
    Plugin Support hjogiupdraftplus

    (@hjogiupdraftplus)

    Hi @dgrl

    Ok, I have created an internal ticket for this.

    Regards


The topic ‘Possible bug’ is closed to new replies.