caseyctg
Forum Replies Created
Are all the “injected” messages exactly the same? If so you can probably do a search/find/replace within the MySQL database directly. That’s what I would do.
By the way, there is a multi-call option under “WordPress Tweaks > Multiple Authentication Attempts per XML-RPC Requests”.
Rather than trying the function above, see if setting that dropdown to “block” helps.
I had a similar problem and couldn’t understand it until I saw another thread. These logins are coming from xml-rpc. Have you disabled it? Have you limited multi-call? xml-rpc allows a user to send “packets” of logins unless you specifically tell it not to do so. I had the same issue. Tons of “admin” logins even though I had ban admin checked. Where were they coming from? You guessed it, xml-rpc.
Our response was two-fold.
1) We limited multi-call abilities in xml-rpc.
    function remove_xmlrpc_methods( $methods ) {
        // Drop system.multicall so one XML-RPC request can no longer batch many login attempts.
        unset( $methods['system.multicall'] );
        return $methods;
    }
    add_filter( 'xmlrpc_methods', 'remove_xmlrpc_methods' );

2) I developed a custom rate limiting plugin. I won’t divulge details on that piece, but the multi-call function above may be a big help to you.
Here is the article that helped me discover my xml-rpc issue.
https://blog.cloudflare.com/a-look-at-the-new-wordpress-brute-force-amplification-attack/
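The multi-call amplification this reply describes, as an added example that is not code from the post or from the iThemes plugin: a Python script rebuilds the kind of system.multicall body the linked Cloudflare write-up analyses (a constructed fixture with placeholder credentials, not captured traffic) and counts how many wp.getUsersBlogs credential checks a single POST to xmlrpc.php carries. A request carrying more than the allowed number is flagged, which is the same decision the “block” dropdown makes. The threshold, the CREDENTIAL_METHODS set and the names of the returned fields are this example’s own assumptions.

```python
"""Inspect an XML-RPC request body for system.multicall login amplification.

Added example: the body a brute-forcer sends is rebuilt as a fixture, then the
inspector counts how many credential-bearing calls one POST carries. This is
not code from the plugin or from the forum post.
"""
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

# wp.getUsersBlogs takes (username, password) and is the method the linked
# Cloudflare write-up saw abused inside system.multicall. Only that method is
# treated as a credential check here; extending the set is left to the reader.
CREDENTIAL_METHODS = {"wp.getUsersBlogs"}


def build_multicall(attempts):
    """Constructed fixture: one system.multicall wrapping one wp.getUsersBlogs per (user, pw)."""
    members = "".join(
        "<value><struct>"
        "<member><name>methodName</name><value><string>wp.getUsersBlogs</string></value></member>"
        "<member><name>params</name><value><array><data>"
        f"<value><string>{escape(user)}</string></value>"
        f"<value><string>{escape(password)}</string></value>"
        "</data></array></value></member></struct></value>"
        for user, password in attempts
    )
    return (
        '<?xml version="1.0"?><methodCall><methodName>system.multicall</methodName>'
        "<params><param><value><array><data>" + members +
        "</data></array></value></param></params></methodCall>"
    )


def _strings(values):
    """String payloads of a list of <value> elements (None for non-string values)."""
    return [v.findtext("string") for v in values]


def _multicall_members(root):
    """Yield (methodName, [string params]) for each struct inside a system.multicall."""
    data = root.find("params/param/value/array/data")
    if data is None:
        return
    for value in data.findall("value"):
        struct = value.find("struct")
        if struct is None:
            continue
        fields = {m.findtext("name"): m.find("value") for m in struct.findall("member")}
        name_el = fields.get("methodName")
        params_el = fields.get("params")
        name = name_el.findtext("string") if name_el is not None else None
        params = []
        if params_el is not None and params_el.find("array/data") is not None:
            params = _strings(params_el.find("array/data").findall("value"))
        yield name, params


def inspect_xmlrpc(body, max_auth_attempts=1):
    """Summarise a request body; block when it carries more credential checks than allowed."""
    root = ET.fromstring(body)
    method = root.findtext("methodName")
    if method == "system.multicall":
        calls = list(_multicall_members(root))
    else:
        # A plain call: top-level params are the method's own arguments.
        calls = [(method, _strings(root.findall("params/param/value")))]
    auth = [(name, params[0]) for name, params in calls if name in CREDENTIAL_METHODS and params]
    usernames = sorted({user for _, user in auth if user is not None})
    return {
        "method": method,
        "calls": len(calls),
        "auth_attempts": len(auth),
        "usernames": usernames,
        "block": len(auth) > max_auth_attempts,
    }


if __name__ == "__main__":
    # 200 password guesses against "admin" inside one HTTP request.
    body = build_multicall([("admin", f"Password{i}") for i in range(200)])
    print(inspect_xmlrpc(body))
```

The single-call branch exists so that a legitimate client doing one wp.getUsersBlogs per request is not flagged; only the batched form trips the threshold. Removing system.multicall from the method table, as the filter above does, makes the whole branch moot, which is why it is the simpler fix.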
Same here, disabling that module fixed it. But I confirm the problem is within the class-itsec-lib.php get_module_path() function.
I would check your .htaccess file and see if you’re listed there. It looks like your username may be banned. You could search the itsec tables and delete any rows where you see your username and IP.
I had the same issue. I ended up whitelisting that particular URL because of it. I wish they would fix the cause, but I think it’s only happening on a particular server version.
Also forgot to mention this only happens on the admin side, not the front end.
I just ran into this issue myself. I fixed it on my end but hopefully they’ll fix it within the core…
Affected file:
better-wp-security/core/class-itsec-lib.php

Affected function within that file:

    public static function get_module_path( $file ) {
        $path     = str_replace( ITSEC_Core::get_plugin_dir(), '', dirname( $file ) );
        $path     = ltrim( str_replace( '\\', '/', $path ), '/' );
        $url_base = trailingslashit( plugin_dir_url( ITSEC_Core::get_plugin_file() ) );
        // $url_base is returning https://yoururl/wp-content/plugins/better-wp-security/
        // fix...not returning correct path for strong passwords module...
        // check if path is for the strong-passwords module and correct if so
        // you'll need to change this to the xampp directory you posted
        if ( $path == "C:/inetpub/yourapplicationpath/wp-content/plugins/better-wp-security/core/modules/strong-passwords" ) {
            return trailingslashit( $url_base . "core/modules/strong-passwords" );
        } else {
            return trailingslashit( $url_base . $path );
        }
    }

I know it’s bad practice to hack the core, but I needed a fix without waiting…
Thanks Dwinden, I actually found it in the options table under the itsec_global option_name. I’ve finished a more aggressive lockout plugin that works with IIS.
I’m going through the same scenario with my site. The banned IPs do not work on IIS. I wanted to ask if you know where the whitelist gets stored? I can see where the blacklist gets serialized and stored in the database, but cannot find the whitelist. I did find the itsec_temp_whitelist_ip option in the _options table.
Does the whitelist only get added to an htaccess file? I’m working on a custom ithemes additional class which queries the blacklisted and whitelisted ips, so I am curious where the whitelist gets stored.
Thanks @dwinden. I’ve submitted through the link.
Still some sort of conflict with WPTouch even after deleting MP Spam Be Gone. So something conflicts with “WPtouch Mobile Plugin”
Actually, I take that back. I found the culprit. It was MP Spam be gone. Once I deactivated that plugin, devFormatter and the rest started working.
Must have been the loading order.
For example:
Search using “My conference”
Search value becomes “Myconference” and results do not display for My Conference.
Seems to be related to white space escaping. A search using “My%20conference” returns the desired results.
Plugin version 3.11
Forum: Fixing WordPress
In reply to: How to count custom taxonomy posts in wordpress walker (Closed)