WordPress.org

Ready to get started?Download WordPress

Forums

Login Security Solution
[resolved] Not seeing slowdown during brute force attack [0.20.2]? (2 posts)

  1. bbeoj
    Member
    Posted 2 years ago #

    Let me start by saying that the attack was unsuccessful, in part due to the strong passwords enforced by this plugin.

    I'm using 0.20.2, and during an attack this weekend that lasted 2 and a half hours there were 1000 login attempts with only 9 to 12 seconds between each attempt.

    I received 50 emails - I expected that the attack would be slowed down more...?

    I can send any logs you need if you would like to take a look.

    Thanks!

    http://wordpress.org/extend/plugins/login-security-solution/

  2. Daniel Convissor
    Member
    Plugin Author

    Posted 2 years ago #

    Hi bbeoj:

    The attackers were using multiple processes against you. If the slowdown wasn't there, they would have gotten in multiple requests per second.

    Testing on my local dev box with valid auth credentials produces about 8 hits per second, which would add up to about 72,300 attempts in 2.5 hours. You only had 1,000.

    Thanks for the report,

    --Dan

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic