WordPress.org

Ready to get started?Download WordPress

Forums

Login Security Solution
[resolved] Can't log in after brute force attack (5 posts)

  1. ctortola
    Member
    Posted 1 year ago #

    My site suffered a brute force attack and now I cannot log in. LSS successfully blocked the attacker, however, the attacker used "admin" as the username and my username is "admin". I now try to log in and the following happens:

    1) Log in using my credentials and receive a wrong username error
    2) Log in a second time using my credentials and get a 406 Not Acceptable
    3) After a few minutes, I can get back to the wp-admin screen but end up in a loop of the above steps.

    http://wordpress.org/extend/plugins/login-security-solution/

  2. I think you'll need to disable that plugin before you can make headway. Since you can't get into the WordPress dashboard try these steps.

    1. Using FTP or whatever filemanagement tools your host has provided you with navigate to the wp-content/plugins directory.
    2. Once there locate and delete the login-security-solution directory. Just that one directory and nothing else.
    3. Try and re-login to your WordPress dashboard.

    If even after that you can't get in (it may not be the plugin) then give this a read about resetting your password.

    http://codex.wordpress.org/Resetting_Your_Password

  3. ctortola
    Member
    Posted 1 year ago #

    that worked - thanks!

  4. Cool! Happy to help. ;)

  5. Daniel Convissor
    Member
    Plugin Author

    Posted 1 year ago #

    Hi Ctortola:

    Your report of the "406 Not Acceptable" is unusual. Login Security Solution does not produce such a result. Do you have some other plugins installed? Have you grep'ed your code base for 406.

    As far as LSS blocking your login attempts, logging in with an attacked user name should only put you through the password reset process once. During that process, LSS stores the IP address you're coming in from and puts it on a white list. But that whitelist doesn't get used if the IP address is the same as the "attacker's."

    This can happen for a few reasons:
    * You're the "attacker" (due to testing, forgetting your password, etc)
    * Your web server is behind a proxy
    * You've got malware on your computer
    * You're on some network (university, corporate, etc) that says you and the "attacker" are coming from the same IP. The "attacker" could be some other user(s) forgetting their passwords.

    The way to help figure out what's happening is to examine the <prefix>login_security_solution_fail table.

    --Dan

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic

Tags

No tags yet.