WordPress.org

Ready to get started?Download WordPress

Forums

Login Security Solution
[resolved] wordpress Security using login security solution (6 posts)

  1. roxor
    Member
    Posted 1 year ago #

    Hi,
    I get a lot of emails (600-1000 emails) daily saying "Your website, is undergoing a brute force attack." from Login Security Solution plugin.
    I am using WP 3.4 and Login-Security-Solution 0.21.0
    It is a multisite subdomain install.(1,605 sites and 1,834 users.)
    Some mails are like

    Your website, NAME, is undergoing a brute force attack.
    There have been at least 5860 failed attempts to log in during the past 120 minutes that used one or more of the following components:
    Component Count Value from Current Attempt
    ------------------------ ----- -----------------------------
    Network IP 243 58.213.46
    Username 5860 kdsjfkwef496
    Password MD5 5859 017d6dd98b4c263ea6fcd7ce4ae32186

    Others are like

    Your website, kdsjfkwef496, may have been broken in to.
    Someone just logged in using the following components. Prior to that, some combination of those components were a part of 2538 failed attempts to log in during the past 120 minutes:
    Component Count Value from Current Attempt
    ------------------------ ----- ------------------------------
    Network IP 2538 71.4.228
    Username 2538 kdsjfkwef496
    Password MD5 0 ed96f784c58cbc81f550f9b9f6041e33
    The user has been logged out and will be required to confirm their identity via the password reset functionality.

    What should i do about them, this really scares me off.
    My settings are here http://www.mediafire.com/view/?uvv51897d2ocn9g
    What other measures should I take ?
    I have also installed these plugins alongside for more security.
    Stop Spammers Plugin (also shows similar statistics)

    Stop Spammers has stopped 2552 spammers since 2012/08/12

    Limit Login Attempts Plugin (also shows number of lockouts with IP)

    91.207.6.174 brunoshindelsr (1 lockout), terrencepanicort (1 lockout), darellcolborncb (1 lockout), nevillekoharazq (1 lockout)
    46.23.76.52 wordpress (1 lockout), pools (2 lockouts), saunas (1 lockout)

    Akismet says (has protected your site from 2,385 spam comments already.)
    SI Captcha etc..
    Thank-you

    http://wordpress.org/extend/plugins/login-security-solution/

  2. Daniel Convissor
    Member
    Plugin Author

    Posted 1 year ago #

    Are those the exact user names and quantities in the emails, or have you altered them?

    Are you behind a proxy, load balancer, etc that presents WP with a given (set) of IP addresse(s) in REMOTE_ADDR instead of WP receiving each user's actual IP address?

    I couldn't see your settings because mediafire is requires JavaScript. You'll probably want to increase the "Failure Notification" number so you don't get soooo many emails.

  3. roxor
    Member
    Posted 1 year ago #

    Nope, I haven't altered anything.
    today's mail
    inside those emails
    my settings

    Are you behind a proxy, load balancer, etc that presents WP with a given (set) of IP addresse(s) in REMOTE_ADDR instead of WP receiving each user's actual IP address?

    I don't understand fully the terms but F.Y.I. i have rented a shared server for testing plugins and themes for the site before it finally rolls out.
    And the registration & members are mostly spams, I allowed that because I wanted to know how much resources n management would it need and also learn about scalibilty issues ..etc
    Do you think this is because of shared host & IP. And security would eventually get better when I start with dedicated servers and IPs ?

  4. Daniel Convissor
    Member
    Plugin Author

    Posted 1 year ago #

    Hi Roxor:

    Wait a second. You're letting random people (and robots) sign up for accounts on your site? In all seriousness, you are compromising the security of everyone on the Internet.

    Please read the "Securing Your WordPress Site is Important" section from the Description page of my plugin at http://wordpress.org/extend/plugins/login-security-solution/.

    Blow away your existing WordPress installation. Now.

    I'd guess your domain name's reputation is shot, plus miscreants will continue to try to use any WP install you put up on it. Seems like you need a new domain.

    Good luck,

    --Dan

  5. roxor
    Member
    Posted 1 year ago #

    I am NOT using the actual domain what I have planned and saved to use for my project. Its just a cheap test domain.
    And i have chosen it wisely as i knew this would effect the quality of the domain in long term, So i picked up a name (wrongly spelled) which probably no-one would ever use.
    Well i didn't realize that i am compromising everyone's security on the Internet this way. Thanks for the information Daniel. I will refresh my wordpress installation right away.

  6. Daniel Convissor
    Member
    Plugin Author

    Posted 1 year ago #

    Roxor:

    Thanks for being reasonable. Glad you were thinking ahead with the domain name. I suggest disabling the ability of the general public to create accounts.

    There are many tools out there for benchmarking websites to determine what you'll need in the way of resources. One example is ab (Apache Benchmark). There's no need to open your site up for public logins.

    For the remainder of your testing, you may want to set up some .htaccess or server level rules to only permit access to the site from the IP addresses you (and your associates) are coming in from. Example:

    Order deny,allow
    Deny from all
    Allow from 81.83.1.8

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic