• Resolved Tallowood

    (@tallowood)


    I have been locked out of my own site with a 403 Error. Only way to resolve was to delete plugin and all data.
    Would it be possible to add a white list of IP addresses, please? I think attack detection was triggered by Android phone with WordPress app, as site admin accounts have 2 factor authentication as well.

    Apart from that, really pleased with plugin defending the site.

    http://wordpress.org/extend/plugins/login-security-solution/

Viewing 7 replies - 1 through 7 (of 7 total)
  • I’m also locked out of my own site.

    What do I have to delete over ftp or SQL to get back access?

    Thanks for helping

    Plugin Author Daniel Convissor

    (@convissor)

    Hi Folks:

    Which version of Login Security Solution were you using? 403 Error? LSS doesn’t return 403 responses. Please elaborate with specifics of what was happening in the environment, attacks that were happening, what steps you took to get a 403 in your browser and exact messages you received.

    As far as SQL, this plugin stores failure attempts in the <prefix>login_security_solution_fail table. Deleting the data in there should resolve most issues.

    –Dan

    Thread Starter Tallowood

    (@tallowood)

    Hi Dan,

    I’m using LSS 0.42 on latest WordPress release, I have an auto update that runs every night to install patches.

    Site was fully accessible but when I went to …/wp-login.php ‘403 Forbidden’ returned instead of user name and password page.

    I could log in through a VPN connection I have to work and through a free WiFi access point with no problem hence it looked like my home IP address had been black listed.

    Over the VPN I uninstalled LSS having selected the delete data setting on the set up page. Login page available on home IP address again. Reinstalled LSS and back repelling attacks. Sorry table content destroyed when I uninstalled so can’t see if my IP was listed.

    Over the last week have been getting 2 x 6 hour attacks a day. Taken usual precautions such as not using admin as username and having very strong password with 2 factor authentication.

    I am afraid LSS is the prime suspect as in installing and removing data cured the problem.

    For longred, a trip to your local WiFi hotspot will allow you to get back into your site.

    Plugin Author Daniel Convissor

    (@convissor)

    Thanks for the details.

    The problems accessing wp-login.php were via web browser, correct? You mention an Android app, so just making sure.

    First, LSS doesn’t do any special checking on arrival at wp-login.php. If LSS is letting you see other parts of the site, LSS will let you see wp-login.php too.

    Second, LSS doesn’t produce 403’s.

    Perhaps you have a modified version of LSS? I’ve seen some folks use LSS’s data and/or modified versions of the plugin to reject access to the login page. More likely, you have another plugin that’s at issue.

    Which plugin are you using for your two factor auth? What other plugins do you have installed? What comes out if you run grep -r 403 . on your plugins directory?

    I’m not trying to pass the buck here. But like I said above, the behavior being described doesn’t match how LSS works.

    I hear you that removing LSS solved the problem. That _could_ be a coincidence.

    I use LSS 0.42 on latest WordPress release as well. I downloaded the Login Security Solution plugin several months ago, and have updated when prompted to do so. It worked fine until yesterday, July 14.

    When I tried logging into my WP site, I got the following message (I x’d out the data itself). The IP address listed is my home IP address. Error message:

    Please enter your username or email address. You will receive a link to create a new password via email.

    I enter my username, press the “Get New Password” button, and no link is mailed.

    I do, however, get error messages from Login Security Solution delivered to my email address informing me a user with my IP address has broken into my site. Below is the message:

    Your website, xxx, may have been broken in to.

    Someone just logged in using the following components. Prior to that, some combination of those components were a part of 7 failed attempts to log in during the past 120 minutes:

    Component      Count  Value from Current Attempt
    -------------  -----  --------------------------
    Network IP     0      107.xx
    Username       7      xxx
    Password MD5   0      xxx

    The user has been logged out and will be required to confirm their identity via the password reset functionality.

    This message is from the Login Security Solution plugin (0.42.0) for WordPress.

    As I said, the above Network IP address is my home IP address.

    I’m not a software developer, so unfortunately I don’t know how to use a “VPN connection” that I see another user mentioned in a comment. I’ve instead contacted HostGator to see if they can help me. Currently, they’re working to disable all of my plugins, then helping me to get back into my website so I can go through my plugins one by one and eliminate those I don’t want to use.

    I suppose I’ll need to delete Login Security Solution, which I’m sorry to do as it’s worked fine up until this problem.

    Plugin Author Daniel Convissor

    (@convissor)

    Hi csckauf:

    Network IP 0 107.xx
    Username 7 xxx
    Password MD5 0 xxx

    That means someone tried to log in using your user name seven times. They didn’t get in. The 0 for “Network IP” and “Password MD5” indicates the attacker (or whomever) was coming from a different IP and using a different password than you used to successfully log in. Login Security Solution noticed those prior seven failures and immediately logged you out and is requiring you to reset your password (to ensure you are who you say you are).

    Please enter your username or email address. You will receive a link to create a new password via email.

    That message is produced by WordPress’ “Lost Password” page. The fact that you didn’t receive an email from WP’s password reset process could be due to several problems (spam filters, incorrect user name or email address, etc). Login Security Solution is not involved with that process.

    Note: If you want to override the password reset requirement, and you have direct access to your database, you can run the following query (adjust the wp_ in the table name to be whatever your $table_prefix is):

    DELETE FROM wp_usermeta WHERE user_id = <yourID> AND meta_key = 'login-security-solution-pw-force-change';

    Good luck,

    –Dan

    Plugin Author Daniel Convissor

    (@convissor)

    Hi Again Tallowood:

    I was just looking at the Simple Login Lockdown plugin’s page and noticed the following text:

    3. After a certain number of failed attempts (defaults to five), further attempts to access the wp-login.php page are blocked for a time (defaults to one hour).

    That sounds exactly like the behavior you’re seeing. And the source code of the plugin calls wp_die() with a 403 response code.
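
The `grep -r 403 .` check suggested earlier in the thread, narrowed to PHP calls that can actually send a 403, as an added example that is not part of the original thread or of any plugin's code. The function name `find_403_plugins` and the search pattern are assumptions of this example, and calls split across several lines are not matched.

```shell
#!/bin/sh
# Added example: list plugins whose PHP source pairs a 403 status with a
# call that can end or relabel the response (wp_die, status_header,
# header, http_response_code). A bare `grep -r 403 .` also matches
# version strings, CSS and minified assets; this keeps only PHP files
# where the status code appears inside one of those calls.

# find_403_plugins PLUGINS_DIR
# Prints one top-level plugin directory (or single-file plugin) name per
# line, sorted and de-duplicated. Prints nothing when no plugin matches.
find_403_plugins() {
    plugins_dir=${1:-.}
    (
        cd "$plugins_dir" || exit 1
        # -l: file names only; --include limits the search to PHP source.
        grep -rEl --include='*.php' \
            '(wp_die|status_header|http_response_code|header)[[:space:]]*\(.*403' \
            . 2>/dev/null |
            sed -e 's|^\./||' -e 's|/.*$||' |   # keep the first path component
            sort -u
    )
}

# Usage (path is an assumption; adjust to the site's layout):
#   find_403_plugins /path/to/wp-content/plugins
```

Each name it prints is a plugin to read more closely or deactivate first when the login page returns 403 Forbidden.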

  • The topic ‘Locked out of own site’ is closed to new replies.