Forums

WordPress › Support » Plugins and Hacks

Login Security Solution
[resolved] Not seeing slowdown during brute force attack [0.20.2]? (2 posts)

  1. bbeoj
    Member
    Posted 9 months ago #

    Let me start by saying that the attack was unsuccessful, in part due to the strong passwords enforced by this plugin.

    I'm using 0.20.2, and during an attack this weekend that lasted 2 and a half hours there were 1000 login attempts with only 9 to 12 seconds between each attempt.

    I received 50 emails - I expected that the attack would be slowed down more...?

    I can send any logs you need if you would like to take a look.

    Thanks!

    http://wordpress.org/extend/plugins/login-security-solution/

  2. Daniel Convissor
    Member
    Plugin Author
    Posted 9 months ago #

    Hi bbeoj:

    The attackers were using multiple processes against you. If the slowdown wasn't there, they would have gotten in multiple requests per second.

    Testing on my local dev box with valid auth credentials produces about 8 hits per second, which would add up to about 72,300 attempts in 2.5 hours. You only had 1,000.

    Thanks for the report,

    --Dan

Reply

You must log in to post.

About this Plugin

About this Topic

Tags