WordPress.org

Ready to get started?Download WordPress

Forums

Login Security Solution
[resolved] Full IP address (10 posts)

  1. GeorgeRB
    Member
    Posted 1 year ago #

    Is there a reason why the full IP address is not shown in the email notification please?

    George

    http://wordpress.org/extend/plugins/login-security-solution/

  2. karoshism
    Member
    Posted 1 year ago #

    I see this in the source code:

    * The "network" component for IPv4 is the first three groups ("Class C")
    * while for IPv6 it is the first four groups.
    

    I don't think that is correct, because there's virtually no practical way to know the network component for a foreign IP that connects to us. I'm curious to know why the plugin author made such an arbitrary choice.

    And of course, why he's using the above information rather than the full IP in the notification email.

  3. Daniel Convissor
    Member
    Plugin Author

    Posted 1 year ago #

    Hi George:

    The address shown in the email is the address used for the counting/blocking.

    All of the login checking WordPress plugins use the network component approach.

    Thanks.

  4. Simmons
    Member
    Posted 1 year ago #

    Is there a way through WordPress to check the full IP, or is that something I have to check in the logs? Thanks.

  5. Daniel Convissor
    Member
    Plugin Author

    Posted 1 year ago #

    It's in the <prefix>_login_security_solution_fail table.

  6. Daniel Convissor
    Member
    Plugin Author

    Posted 1 year ago #

    It's in the <prefix>_login_security_solution_fail table.

  7. Simmons
    Member
    Posted 1 year ago #

    Kind of hoping not to have to get into the database to see it. Any way to update the email so it includes the full IP?

  8. Daniel Convissor
    Member
    Plugin Author

    Posted 1 year ago #

    No, sorry.

  9. angifox
    Member
    Posted 1 year ago #

    Hi.

    I was checking some attacks at the moment and I have some doubts about how works that plugin.

    I recive the email notifications and I can manualy check the ip in the database.

    Using multiple plugins to check the "ip visitors" I can check that there are no connections with the IP attacker.

    Is normal that some attackers can bypass the "stats" of these plugins?

    ANother question is.

    With a plugin to manually ban IP address, I continue to recive emails with "attacks". I am using the "Simple IP Ban" plugin. Is that normal?

    Is it posible to add a feature to ban IP directly from your plugin?

    Or auto-ban temporary the IP address during X days and after Y number of attemps?

    Thanks

    Thanks

  10. knappen
    Member
    Posted 1 year ago #

    Hi angifox!

    Convissor, the plugin author, explains in the FAQs his preference to to slow down and log the attacker instead of an outright ban.

    If, however, you have your heart set on banning miscreants, you may want to try making edits to your htaccess file. PerishablePress.com has some great copy and paste htaccess blacklist edits to get you started that are broader than individual IP blocking.

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic

Tags