
Limit Login Attempts
[resolved] Numerous login attempts still being made (11 posts)

  1. cjackson23
    Member
    Posted 2 years ago #

    Plugin is set as follows:

    4  allowed retries
    90 minutes lockout
    3  lockouts increase lockout time to 72 hours
    12 hours until retries are reset

    Last night someone was able to submit over 100 login attempts from the same IP, within an hour at most.

    What can I change to prevent this?

    http://wordpress.org/extend/plugins/limit-login-attempts/

  2. cjackson23
    Member
    Posted 2 years ago #

    Perhaps the lockout DID happen after the first 4 attempts and their script kept attempting? (Thus generating the 100+ entries in Activity Monitor?)
    From the email generated by the plugin:

    4 failed login attempts (1 lockout(s)) from IP: 80.165.154.119

  3. carbeck
    Member
    Posted 2 years ago #

    Yeah, same here. There's a Ukrainian IP that's been trying every now and again for about a hundred times to login as admin for 3 days now and in the plugin settings it just says "admin (1 lockout)", while my log files have

    93.183.***.*** - - [10/Mar/2012:13:47:15 +0000] "POST /wp-login.php HTTP/1.0" 200 5650 "http://[my server]/wp-login.php" "Mozilla/5.0 (Windows NT 5.1; rv:4.0) Gecko/20100101 Firefox/4.0"

    repeated for about a hundred times even after there should theoretically be a lockdown. I assume that instead of getting a 403, the login page is still shown, but with a notice that you can't log in anymore.

  4. robanna
    Member
    Posted 2 years ago #

    I'm getting the same thing. Close to 100 attempts before getting only one lockout.

  5. robanna
    Member
    Posted 2 years ago #

    I assume that instead of getting a 403, the login page is still shown, but with a notice that you can't log in anymore.

    I think you're right. I was able to continue to make login attempts even though I intentionally locked myself out. So, even if they hit the right user/pass combo they can't get in since they are locked out.

    All of the attempts were logged in Activity Monitor.

  6. cjackson23
    Member
    Posted 2 years ago #

    robanna,
    Were you able to verify first-hand that a user cannot log in after lockout—even with the correct user/pass combo?

  7. robanna
    Member
    Posted 2 years ago #

    cjackson23,
    Yes I was. I locked myself out and then used the correct combo and was not able to get in until I reset the lockout.

  8. Andrzej
    Member
    Posted 2 years ago #

    If you don't care about traffic from that Ukrainian domain, just add the full IP address 'range' to your site's .htaccess deny list. I usually look up the full range of the blocked IP address at http://www.ipchecking.com/. Then manually edit your .htaccess or use cPanel IP Deny Manager to append .htaccess - the range format is special, without spaces: 123.456.789.11-123.456.789.13 This method will permanently block a domain and is not affected by the limit-login-attempts plugin operations.
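The range-to-.htaccess step Andrzej describes, as an added example that is not code from the plugin or from anyone in this thread. Apache's `Deny from` (2.2, mod_access_compat) and `Require not ip` (2.4) accept single addresses, CIDR blocks and network/netmask pairs, so a dash-separated range is first split into the minimal set of CIDR blocks before it is written out. The addresses below are constructed from the RFC 5737 documentation range, not the IPs quoted in the thread.

```python
"""Turn a dotted start-end IP range into Apache .htaccess deny rules.

Added example; not the plugin's code. Apache itself understands single
addresses, CIDR blocks and network/netmask pairs, so a dash range such as
203.0.113.10-203.0.113.13 is summarised into CIDR blocks first. Both the
Apache 2.2 (Order/Deny) and 2.4 (Require) forms are produced; pick the one
that matches the server and do not mix them in one file.
"""
import ipaddress


def range_to_cidrs(first, last):
    """Minimal list of CIDR blocks covering first..last inclusive (order-insensitive)."""
    a, b = ipaddress.ip_address(first), ipaddress.ip_address(last)
    if a > b:
        a, b = b, a
    return [str(net) for net in ipaddress.summarize_address_range(a, b)]


def htaccess_deny(cidrs, apache24=True):
    """Render the .htaccess fragment that blocks every address in `cidrs`."""
    if apache24:
        # Apache 2.4: everyone is allowed except the listed networks.
        lines = ["<RequireAll>", "    Require all granted"]
        lines += [f"    Require not ip {c}" for c in cidrs]
        lines.append("</RequireAll>")
    else:
        # Apache 2.2 / mod_access_compat: Deny entries win over Allow from all.
        lines = ["Order Allow,Deny", "Allow from all"]
        lines += [f"Deny from {c}" for c in cidrs]
    return "\n".join(lines) + "\n"


def is_denied(ip, cidrs):
    """Sanity check: would this client address be caught by the generated rules?"""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(c) for c in cidrs)


if __name__ == "__main__":
    # constructed range: four addresses from the 203.0.113.0/24 documentation block
    blocks = range_to_cidrs("203.0.113.10", "203.0.113.13")
    print(htaccess_deny(blocks))
    print(htaccess_deny(blocks, apache24=False))
    for probe in ("203.0.113.11", "203.0.113.14"):
        print(probe, "denied" if is_denied(probe, blocks) else "allowed")
```

Two caveats before relying on this: `.htaccess` directives only take effect when the vhost's `AllowOverride` permits them (`Limit` for Order/Deny, `AuthConfig` for Require), and if the site sits behind a reverse proxy or CDN the address Apache compares is the proxy's, so the rule either needs mod_remoteip configured or belongs on the proxy itself.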

  9. johanee
    Member
    Plugin Author
    Posted 2 years ago #

    As noted above the attempts will still get logged in access logs and with tools such as Activity Monitor even when they are being blocked by the plugin.

    The visitor (bot) gets a login page with information about the lockout and no attempt to login is actually made.

    It is not a bad idea to block specific IP in htaccess as they can make more trouble apart from trying to log in (spam, etc).
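A way to see the behaviour johanee describes in your own access log, as an added example that is not code from the plugin or from anyone in this thread. Because the lockout notice and a genuine failed password check both come back as HTTP 200, the status column cannot separate the two; what the log does reliably show is the rate of POSTs to wp-login.php per source IP, and WordPress answers a successful form login with a 302 redirect, so a 302 from an IP that is already over the retry limit is the line worth alerting on. The log lines are constructed to match the layout carbeck pasted; the addresses, times and referer host are made up.

```python
"""Count POSTs to /wp-login.php per source IP in an Apache access log.

Added example, not code from the plugin or from anyone in this thread.
The lockout page and a failed password check are both HTTP 200, so the
status column cannot tell them apart; the rate of POSTs per IP can.
WordPress answers a *successful* login with a 302 redirect, so a 302 from
an IP that is already over the retry limit is the line to alert on.
Log lines below are constructed (RFC 5737 addresses).
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Combined Log Format, same layout as the line pasted earlier in the thread.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+ '
    r'"[^"]*" "[^"]*"$'
)


def parse_line(line):
    """Return (ip, datetime, method, path, status), or None if the line does not parse."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    path = m["path"].split("?", 1)[0]          # drop ?action=... and friends
    return m["ip"], ts, m["method"], path, int(m["status"])


def login_posts_by_ip(lines):
    """Map each source IP to its sorted [(timestamp, status), ...] of POSTs to wp-login.php."""
    hits = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        ip, ts, method, path, status = rec
        if method == "POST" and path.endswith("/wp-login.php"):
            hits[ip].append((ts, status))
    for events in hits.values():
        events.sort()
    return hits


def find_bruteforcers(lines, allowed_retries=4, window=timedelta(hours=1)):
    """IPs with more than `allowed_retries` login POSTs inside any sliding `window`.

    The defaults mirror the plugin settings quoted at the top of the thread.
    Returns {ip: {"posts": total_posts, "possible_success": saw_a_302}}.
    """
    flagged = {}
    for ip, events in login_posts_by_ip(lines).items():
        times = [t for t, _ in events]
        start = 0
        for end in range(len(times)):
            while times[end] - times[start] > window:   # shrink window from the left
                start += 1
            if end - start + 1 > allowed_retries:
                flagged[ip] = {
                    "posts": len(events),
                    "possible_success": any(s == 302 for _, s in events),
                }
                break
    return flagged


# ---- constructed sample log -------------------------------------------------
_UA = '"Mozilla/5.0 (Windows NT 5.1; rv:4.0) Gecko/20100101 Firefox/4.0"'


def _line(ip, hms, method, status, path="/wp-login.php"):
    return (f'{ip} - - [10/Mar/2012:{hms} +0000] "{method} {path} HTTP/1.0" '
            f'{status} 5650 "http://blog.example/wp-login.php" {_UA}')


SAMPLE_LOG = [
    # a bot re-posting every 10 seconds; every reply is 200, lockout or not
    *[_line("198.51.100.7", f"13:47:{s:02d}", "POST", 200) for s in range(0, 60, 10)],
    # a person who mistyped once, then got in (302 to wp-admin)
    _line("203.0.113.5", "14:02:01", "GET", 200),
    _line("203.0.113.5", "14:02:20", "POST", 200),
    _line("203.0.113.5", "14:02:41", "POST", 302),
]

if __name__ == "__main__":
    for ip, info in find_bruteforcers(SAMPLE_LOG).items():
        print(ip, info)
```

Run against a real log with `find_bruteforcers(open("access.log"))`; the IPs it returns are the ones the plugin has been silently answering with the lockout page, and the `possible_success` flag is the only reason to treat one of them as more than noise.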

  10. cjackson23
    Member
    Posted 2 years ago #

    It is not a bad idea to block specific IP in htaccess as they can make more trouble apart from trying to log in (spam, etc).

    awoz & johanee,
    I get multiple login attempts every day on a couple of my sites. I'm wondering what it is that attracts them? Something in the META header info? Any insights?

  11. johanee
    Member
    Plugin Author
    Posted 2 years ago #

    It seems that most WordPress blogs get a lot of login attempts these days. I get them on a number of blogs. An unfortunate fact of having a WP blog these days it appears.

    I guess there are people who have automated probing for and then attempting a brute force login.

    It would be interesting to set up a honeytrap style WP installation and watch what they'll do once they are inside.

Topic Closed

This topic has been closed to new replies.
