• A few months ago I posted about an apparent Ban Users bug, which you confirmed and fixed. Up until today it’s been working as expected with no banned user IP sniffing around. However, despite listing the complete Russian Federation IP range today I see someone within that IP range was able to access my site and peruse multiple pages. As a test to reconfirm the Banned User list was working I used Witopia to masquerade as being in Moscow and, sure enough, when I attempted to access my site it showed the expected “error” message. My question is: How could an IP from within the banned range still access multiple pages? Is this an isolated case and if so how could this be prevented in future? I can provide specific IP addresses if this would help you.

    http://wordpress.org/extend/plugins/better-wp-security/

Viewing 8 replies - 1 through 8 (of 8 total)
  • I would like to second this issue. I haven’t banned a complete range of IPs, but today two different IPs which are listed in the “Ban Hosts” section were locked out due to too many login attempts and I received the standard email about it.

    The box “Enable banned users” is checked and I’m 100% sure that the IPs match.

    – What do you think is wrong?

    I should probably say that I use Better WP Security 3.4.4 and WordPress 3.4.2.

    MonkeyKong, are the IPs in question in your .htaccess file? (Have they been written to it successfully?)

    Yes, they are in there. It looks like this:

    # End HackRepair.com Blacklist
    Order allow,deny
    Allow from all
    Deny from 195.190.13.158
    Deny from 195.67.40.14
    Deny from 125.255.84.98
    Deny from 110.142.78.177
    Deny from 80.36.14.23
    Deny from 80.33.195.34
    Deny from 80.25.95.249
    Deny from 79.148.238.85
    Deny from 78.7.77.234
    Deny from 74.62.205.194
    Deny from 70.88.16.189
    # END Better WP Security

    And just yesterday I got the message saying A host, 74.62.205.194(you can check the host at http://ip-adress.com/ip_tracer/74.62.205.194) has been locked out of the WordPress site at http://chromatic.se until Tuesday, October 2nd, 2012 at 7:39:26 pm UTC due to too many login attempts.

    Thank you for looking into this so quickly!

    MonkeyKong,

    After being under attack recently I learned a lot today and just installed this plugin and only a couple of hours later noticed several new login attempts for user ‘admin’. I recognize several of the IP addresses you mentioned, must be some big attack going on. I have not encountered the bug yet but I’ll keep a very close eye on it and will post here if I do.

    Thanks for looking into this, Bit51!

    Hi ExtremeNL, it’s a fantastic plugin! I just hope to keep those banned IPs away for good!

    My site was attacked a thousand times before this plugin; now everything is under control. Thanks for this rock-solid security plugin.

    Today I got

    A host, 80.33.195.34(you can check the host at http://ip-adress.com/ip_tracer/80.33.195.34) has been locked out of the WordPress site at http://chromatic.se until Wednesday, October 10th, 2012 at 4:24:07 am UTC due to too many login attempts.

    even though it’s on the list, as you can see.

    Any ideas on how to solve this?

  • The topic ‘[Plugin: Better WP Security] Banned user still gained access’ is closed to new replies.
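
The check discussed in the thread (is the locked-out IP really covered by the Deny rules?) can be done mechanically instead of by eye. The following is an added example, not part of the original thread and not the plugin's code: it evaluates Apache 2.2-style `Order`/`Allow from`/`Deny from` lines for IPv4 addresses, including partial addresses and CIDR/netmask forms. The function names and the shortened rule excerpt are assumptions made for illustration.

```python
import ipaddress

# Excerpt of the rule block quoted in the thread (shortened for the example).
HTACCESS = """\
Order allow,deny
Allow from all
Deny from 195.190.13.158
Deny from 74.62.205.194
Deny from 80.33.195.34
# END Better WP Security
"""

def parse_spec(spec):
    """Turn one Allow/Deny argument into an IPv4 network; None for hostnames."""
    if spec.lower() == "all":
        return ipaddress.ip_network("0.0.0.0/0")
    try:
        if "/" not in spec:
            octets = spec.rstrip(".").split(".")
            if 1 <= len(octets) < 4 and all(o.isdigit() for o in octets):
                # A partial address such as "80.33" covers all of 80.33.0.0/16.
                pad = ["0"] * (4 - len(octets))
                spec = ".".join(octets + pad) + "/%d" % (8 * len(octets))
        return ipaddress.ip_network(spec, strict=False)
    except ValueError:
        return None  # hostname or malformed entry: not evaluated here

def parse_rules(text):
    """Return (order, {"allow": [...], "deny": [...]}) from .htaccess text."""
    order, rules = "deny,allow", {"allow": [], "deny": []}  # Apache's default Order
    for line in text.splitlines():
        words = line.split()
        if not words or words[0].startswith("#"):
            continue
        key = words[0].lower()
        if key == "order" and len(words) >= 2:
            order = words[1].lower()
        elif key in rules and len(words) >= 3 and words[1].lower() == "from":
            rules[key] += [n for n in map(parse_spec, words[2:]) if n is not None]
    return order, rules

def is_denied(ip, order, rules):
    """Apply the Order semantics to one client address."""
    addr = ipaddress.ip_address(ip)
    allowed = any(addr in n for n in rules["allow"])
    denied = any(addr in n for n in rules["deny"])
    if order == "allow,deny":
        return denied or not allowed   # any Deny match wins; no match is denied
    return denied and not allowed      # deny,allow: Allow wins; no match is allowed
```

This only evaluates the rule text. It says nothing about whether the web server actually read and applied the file for the request in question.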