WordPress.org

Ready to get started?Download WordPress

Forums

iThemes Security (formerly Better WP Security)
[Plugin: Better WP Security] Banned user still gained access (9 posts)

  1. maximan
    Member
    Posted 2 years ago #

    A few months ago I posted about an apparent Ban Users bug, which you confirmed and fixed. Up until today it's been working as expected with no banned user IP sniffing around. However, despite listing the complete Russian Federation IP range today I see someone within that IP range was able to access my site and peruse multiple pages. As a test to reconfirm the Banned User list was working I used Witopia to masquerade as being in Moscow and, sure enough, when I attempted to access my site it showed the expected "error" message. My question is: How could an IP from within the banned range still access multiple pages? Is this an isolated case and if so how could this be prevented in future? I can provide specific IP addresses if this would help you.

    http://wordpress.org/extend/plugins/better-wp-security/

  2. MonkeyKong
    Member
    Posted 1 year ago #

    I would like to second this issue. I haven't banned a complete range of IP's but today two different IP's which are listed in the "Ban Hosts" section were locked out due to too many login attempts and I receieve the standard email about it.

    The box "Enable banned users" is checked and I'm 100% sure that the IP's match.

    - What do you think is wrong?

  3. MonkeyKong
    Member
    Posted 1 year ago #

    I should probably say that I use Better WP Security 3.4.4 and WordPress 3.4.2.

  4. MonkeyKong are the IPs in question in your .htaccess file? (have they written to it successfully)

  5. MonkeyKong
    Member
    Posted 1 year ago #

    Yes, they are in there. It looks like this:

    # End HackRepair.com Blacklist
    Order allow,deny
    Allow from all
    Deny from 195.190.13.158
    Deny from 195.67.40.14
    Deny from 125.255.84.98
    Deny from 110.142.78.177
    Deny from 80.36.14.23
    Deny from 80.33.195.34
    Deny from 80.25.95.249
    Deny from 79.148.238.85
    Deny from 78.7.77.234
    Deny from 74.62.205.194
    Deny from 70.88.16.189
    # END Better WP Security

    And just yesterday I got the message saying A host, 74.62.205.194(you can check the host at http://ip-adress.com/ip_tracer/74.62.205.194) has been locked out of the WordPress site at http://chromatic.se until Tuesday, October 2nd, 2012 at 7:39:26 pm UTC due to too many login attempts.

    Thank you for looking in to this so quickly!

  6. ExtremaNL
    Member
    Posted 1 year ago #

    MonkeyKong,

    After being under attack recently I learned a lot today and just installed this plugin and only a couple of hours later noticed several new login attempts for user 'admin'. I recognize several of the IP addresses you mentioned, must be some big attack going on. I have not encountered the bug yet but I'll keep a very close eye on it and will post here if I do.

    Thanks for looking in to this Bit51!

  7. MonkeyKong
    Member
    Posted 1 year ago #

    Hi ExtremeNL, it's a fantastic plugin! I just hope to keep those banned IP's away for good!

  8. gokul84
    Member
    Posted 1 year ago #

    my site was attacked a thousand times before this plugin, now everything is under control. thanks for this rock-solid security plugin.

  9. MonkeyKong
    Member
    Posted 1 year ago #

    Today I got

    A host, 80.33.195.34(you can check the host at http://ip-adress.com/ip_tracer/80.33.195.34) has been locked out of the WordPress site at http://chromatic.se until Wednesday, October 10th, 2012 at 4:24:07 am UTC due to too many login attempts.
    even though it's on the list, as you can see.

    Any ideas on how to solve this?

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic