Cached spammer IP as good IP

  • theguitarlesson

    (@theguitarlesson)


    10 years, 4 months ago

    Hi,
    I just noticed in the activity log that someone from a specific IP is trying to log in lots of times with username “admin” (no such user exists on my site, so it’s obviously a hack attempt), and the Reason column says “Cached good ip”!?

    The hacker IP is in the Good IP cache for some reason, but I didn’t put it there…

    How could this have happened?

    Best,
    Tom

    http://wordpress.org/plugins/stop-spammer-registrations-plugin/

Viewing 4 replies - 1 through 4 (of 4 total)
  • Keith P. Graham

    (@kpgraham)

    10 years, 4 months ago

    The user is in the good IP cache because they passed all the tests. You should press the button on the stop spam history page to clear the cache.

    Keith

    Thread Starter theguitarlesson

    (@theguitarlesson)

    10 years, 4 months ago

    I’m actually seeing more of this, so more IPs cached as good IPs, trying to log in with the admin username. 2 of them to be specific on the Recent activity table. It looks like they are trying to get in every 50 seconds. Bastards.

    I don’t have a brute login plugin installed since your plugin was/is awesome, I donated $10 a while ago.

    Seeing this, I think I’ll install one now though. Can you recommend a brute force counter plugin that won’t conflict with your plugin?

    Thanks,
    Tom

    Keith P. Graham

    (@kpgraham)

    10 years, 4 months ago

    You can add one of the simple catch type programs, possibly one that asks an arithmetic question. These are simple and very effective.

    I don’t use anything else on my websites because I am interested in seeing how the plugin works. Since your mentioned it a few days ago, I installed a brute force plugin here, but it is not working. I think bbpress lets the user in before the plugin gets to check the results.

    Keith

    Thread Starter theguitarlesson

    (@theguitarlesson)

    10 years, 4 months ago

    I have recaptcha activated, as well, it works fine with your plugin.
    I don’t have bbpress activated at all. I’ll activate a brute force plugin and see what happens.

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘Cached spammer IP as good IP’ is closed to new replies.