Dean Taylor
Forum Replies Created
-
Forum: Plugins
In reply to: [Login Security Solution] Excellent plugin
Just to share a few I’ve been logging for “admin”; it seems it’s not a real user:
Passwords tried consist of:
- Pretty much all of the passwords here: http://blog.wundercounter.com/2009/12/twitter-and-avoiding-weak-passwords.html
- Every keyword on the homepage of each of the sites in a multi-site.
- General dictionary searches (with and without numbers added to end / beginning).
- Swear words / profanity (with and without numbers added to end / beginning).
- Many repetitive number/letter sequences like: 11223344, 1122334455, a1b2c3d4, qweqweqwe – and far more complex ones than these below:
adminjohnjacknicksupermanSuperman0123456789123456789123456781234567123456123451234123121ADMINISTRATORAdministratorAdmin123456Admin!1qaz2wsxtest123q1w2e3r412admin12hackersadmin!@#changemem123456p@55w0rd- etc. etc.
A large number of these use the user agent:
Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)

Forum: Plugins
In reply to: [Login Security Solution] Still can't get into
Hi Daniel,
Just to clarify, I believe Lorax means the following…
I have actually experienced this before: some corporations and educational establishments do actually proxy all users through a single IP address.
This means that, to a website hosted outside of the internal network, all users appear to come from a single IP address, the IP of the proxy.
Cheers,
Dean.

Forum: Plugins
In reply to: [Login Security Solution] Still can't get into
Assuming you are using the default table name prefix of wp_: wp_login_security_solution_fail is the only table LSS currently creates; anything else would likely be from another plugin.

Forum: Plugins
In reply to: [Login Security Solution] Still can't get into
Expect to be attacked! It’s just the norm.
Here are some numbers from my simple no-name test installation with one user (me), which was installed at the same time as LSS; you can see the increase in failed attempts over time:

    SELECT count(*), DATE_FORMAT(date_failed, '%Y-%m')
    FROM wp_login_security_solution_fail
    GROUP BY DATE_FORMAT(date_failed, '%Y-%m')

    Month     Failed Count
    2012-07   109
    2012-08   277
    2012-09   2848
    2012-10   359
    2012-11   2480
    2012-12   568
    2013-01   502
    2013-02   4134
    2013-03   11340
    2013-04   2979

Forum: Plugins
In reply to: [Login Security Solution] Still can't get into
Take a backup of the table – perhaps it might be useful to diagnose what actually happened.

Forum: Plugins
In reply to: [Login Security Solution] Still can't get into
Actually yes, there is an automatic whitelist on a per-user basis.
It was described in a previous forum post, for your reference:

    The plugin has an automatic whitelist process. Whenever someone updates their password, the IP is stored for future reference. Notices may still get sent depending on the timing of attacks and legitimate logins, so users can make sure nothing bad is happening…

And checking the source code I also noted the following:
    Note: saves up to 10 addresses, duplicates are not stored.

This white-listing of IP addresses occurs on a per-user basis; these are called “verified IPs” in the code.
So you will likely see some requests for password resets if your users are coming from the same IP, but after the password is reset, that IP is whitelisted for that user. So that user will not be troubled again when logging in from that IP.
Please note this information is specific to version 0.35.0; things do change based on user feedback – but always with security in mind and after careful consideration by the plugin author.
Cheers.

Forum: Plugins
In reply to: [Login Security Solution] Still can't get into
In the early days, using the initial versions of this plugin…
I found that testing the LSS plugin and attempting failed passwords via my single connection (read: single IP address) caused some of these same issues.
I believe this was because my IP address was in the “failed attempts” table, which therefore classed my IP as “bad” and correctly forced me to change my password when I successfully entered the correct password.
From what I read in these forums, some users’ descriptions of problems sound like this is happening.
I would say: after testing the plugin, clear out the wp_login_security_solution_fail table.
Maybe this is your issue – maybe not.
I’m sure you will get more input from the plugin author in due course (a very busy guy).
Cheers,
Dean.

Forum: Plugins
In reply to: [Login Security Solution] Can't log in to my own site!
Hi,
FYI: the quickest way to disable a plugin that is not behaving properly without access to the Admin Dashboard is to “rename” the plugin folder.
Described in more detail here as “Choice 1: Disable the Files”:
http://www.ostraining.com/blog/wordpress/disable-a-wordpress-plugin/
In terms of your other questions I’ll leave those to the plugin author.
Cheers,
Dean.

No problem Chris, thanks for the update.

Cheers Christopher!
Forum: Plugins
In reply to: [Plugin: Jetpack by WordPress.com] PHP Deprecated
Opened new support forum topic now PHP5 is a requirement for both WordPress and Jetpack:
http://ww.wp.xz.cn/support/topic/e_deprecated-assigning-the-return-value-of-new-by-reference-is-deprecated

Dan:
Excellent work, up-voted 🙂
Cheers,
Dean.

Nice one Dan.
FYI: I did a quick search on the topic; it seems not only safe mode can cause the issue.
Hosting providers can choose to disable the exec function.
I thought the following was a nice snippet for testing:
http://stackoverflow.com/a/8094814
Note I haven’t reviewed your code changes; they may well do this already.

I agree with Dan and his statements above.
As a side note, Dan:
Could you not code around these issues by changing the code in the following form, from this:
    protected function is_pw_dict_program($pw) {
        if ($this->available_dict === false) {
            return null;
        }
        $term = escapeshellarg($pw);
        exec("dict -m -s exact $term 2>&1", $output, $result);
        if (!$result) {
            // Exit status 0: the word was found in the dictionary.
            return true;
        } elseif ($result == 127) {
            // Exit status 127: "dict" is not installed.
            $this->available_dict = false;
            return null;
        }
        return false;
    }

To this:
    protected function is_pw_dict_program($pw) {
        if ($this->available_dict === false) {
            return null;
        }
        $term = escapeshellarg($pw);
        // Initialise the result with an error value.
        $result = 127;
        // Suppress errors with "@"
        @exec("dict -m -s exact $term 2>&1", $output, $result);
        if (!$result) {
            // Exit status 0: the word was found in the dictionary.
            return true;
        } elseif ($result == 127) {
            // 127: "dict" is not installed, or exec() never ran.
            $this->available_dict = false;
            return null;
        }
        return false;
    }

Obviously this would need to be done in both is_pw_dictionary__grep and is_pw_dict_program.
Cheers,
Dean.

Hi Dan:
Sadly work load hasn’t provided me with any time to work with it.
Dean.
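The reply above about is_pw_dict_program() relies on suppressing exec() errors with “@” and on $result keeping a default of 127. The following is an added example, not code from the Login Security Solution plugin or from the replies: it checks up front whether exec() is usable (function_exists(), the disable_functions ini list, and the legacy safe_mode setting) and returns the same 127 sentinel when it is not, so the caller can distinguish “not a dictionary word” from “could not check”. All lss_example_* names are hypothetical, and the dict command line is the one quoted in the reply.

```php
<?php
// Added example (not the plugin's own code): decide whether exec() can be
// called before relying on it, instead of hiding failures with "@".

/**
 * True only if exec() exists and is not listed in disable_functions.
 * PHP 8 reports disabled functions as non-existent; earlier versions may
 * not, so both checks are made. safe_mode was removed in PHP 5.4, where
 * ini_get() simply returns false for it.
 */
function lss_example_exec_available()
{
    if (!function_exists('exec')) {
        return false;
    }
    $disabled = array_map('trim', explode(',', (string) ini_get('disable_functions')));
    if (in_array('exec', $disabled, true)) {
        return false;
    }
    $safe_mode = strtolower((string) ini_get('safe_mode'));
    if (in_array($safe_mode, array('1', 'on', 'true', 'yes'), true)) {
        return false;
    }
    return true;
}

/**
 * Runs a command and returns its exit status. When exec() itself cannot
 * be used, returns 127 ("command not found"), the same sentinel the
 * reply above proposes, so callers treat "no shell" like "no dict".
 * $output receives the command's output lines (stderr merged in).
 */
function lss_example_run($command, array &$output)
{
    $output = array();
    if (!lss_example_exec_available()) {
        return 127;
    }
    $status = 127; // default in case exec() fails to populate it
    exec($command . ' 2>&1', $output, $status);
    return $status;
}

/**
 * Hypothetical stand-in for is_pw_dict_program(): true when the password
 * is an exact dictionary match, false when it is not, null when the check
 * could not be performed. $dict_available caches the "dict is missing"
 * outcome across calls, like the plugin's $this->available_dict.
 */
function lss_example_is_dictionary_word($pw, &$dict_available)
{
    if ($dict_available === false) {
        return null;
    }
    $term   = escapeshellarg($pw);
    $status = lss_example_run('dict -m -s exact ' . $term, $output);
    if ($status === 0) {
        return true;
    }
    if ($status === 127) {
        $dict_available = false; // remember, so later calls skip the shell
        return null;
    }
    return false;
}

// Usage: null means "unknown", which a password policy should treat
// differently from "not a dictionary word" (e.g. fall back to another check).
$dict_available = null;
$result = lss_example_is_dictionary_word('changeme', $dict_available);
var_dump($result, $dict_available);
```

On a host where exec() is disabled, lss_example_run() never reaches the shell and the password check reports null rather than silently passing every password as “not in the dictionary”; on a host with exec() but without dict, the shell's own 127 status produces the same outcome and is cached for the rest of the request.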