Login Security Solution
[resolved] Seeing pointless notifications during attack (6 posts)

  1. Dean Taylor
    Member
    Posted 1 year ago #

    Hi Dan,

    I'm seeing the following problems / bugs:

    1. Pointless notifications during an attack
    2. The delay this plugin is supposed to introduce to the ability for an attacker does not work.

    I am using version 0.24.0.

    All of the following notifications were sent regarding attempts on the "admin" account (which does not exist).

    Please note that my login_fail_notify ("Failure Notification") setting was set to the previous default of 20 not 50.

    Your website, ****************, is undergoing a brute force attack.
    
    There have been at least 480 failed attempts to log in during the past 120 minutes that used one or more of the following components:
    
    Component                    Count     Value from Current Attempt
    ------------------------     -----     --------------------------------
    Network IP                     480     173.254.28
    Username                       480     admin

    Note the "480 failed attempts to log in during the past 120 minutes", the same in each email.

    The next line is then this:

    Password MD5                     1     81befxxxxxxxxxxxxxxxxxxxxx

    Where 81befxxxxxxxxxxxxxxxxxxxxx is replaced with a different value each time.

    There were 42 emails in total sent in a period of approximately 10 minutes and 15 seconds.

    There was approximately 15 seconds between each notification email.

    For your reference here are the times and differences as taken from the email headers:

    08:02:24
    08:02:39	00:00:15
    08:02:54	00:00:15
    08:03:09	00:00:15
    08:03:24	00:00:15
    08:03:39	00:00:15
    08:03:54	00:00:15
    08:04:09	00:00:15
    08:04:24	00:00:15
    08:04:39	00:00:15
    08:04:55	00:00:16
    08:05:09	00:00:14
    08:05:24	00:00:15
    08:05:39	00:00:15
    08:05:54	00:00:15
    08:06:09	00:00:15
    08:06:24	00:00:15
    08:06:39	00:00:15
    08:06:54	00:00:15
    08:07:09	00:00:15
    08:07:24	00:00:15
    08:07:39	00:00:15
    08:07:54	00:00:15
    08:08:09	00:00:15
    08:08:24	00:00:15
    08:08:39	00:00:15
    08:08:54	00:00:15
    08:09:09	00:00:15
    08:09:24	00:00:15
    08:09:39	00:00:15
    08:09:54	00:00:15
    08:10:09	00:00:15
    08:10:24	00:00:15
    08:10:39	00:00:15
    08:10:54	00:00:15
    08:11:09	00:00:15
    08:11:24	00:00:15
    08:11:39	00:00:15
    08:11:54	00:00:15
    08:12:09	00:00:15
    08:12:24	00:00:15
    08:12:39	00:00:15

    I will send to you via e-mail an export of the wp_login_security_solution_fail table to help in your diagnosis.

    Thanks for your support Dan!

    Cheers,
    Dean.

    http://wordpress.org/extend/plugins/login-security-solution/

  2. Daniel Convissor
    Member
    Plugin Author

    Posted 1 year ago #

    For the record here, I've been working with Dean on this via back channels. So far, my test "attacks" on his site have been unable to reproduce the problem.

  3. Dean Taylor
    Member
    Posted 1 year ago #

    I can confirm Daniel's active work in attempting to reproduce the issue.

    Dan: Thank you for your continued support.

  4. Daniel Convissor
    Member
    Plugin Author

    Posted 1 year ago #

    Hi Dean:

    Have you been able to reproduce the problem by "attacking" your site with the Bash script I sent?

    --Dan

  5. Dean Taylor
    Member
    Posted 1 year ago #

    Hi Dan:

    Sadly workload hasn't provided me with any time to work with it.

    Dean.

  6. Daniel Convissor
    Member
    Plugin Author

    Posted 1 year ago #

    Okay. I sincerely think the odd behavior here is a fluke by the server. I'll close this for now. If you're able to reproduce it, please reopen this thread with more details.

Topic Closed

This topic has been closed to new replies.
