• Resolved mrppp

    (@mrppp)


    I have
    `# Protect wp-login.php from Brute Force Login Attacks based on Server Protocol
    # All legitimate humans and bots should be using Server Protocol HTTP/1.1
    RewriteCond %{REQUEST_URI} ^/wp-login\.php$
    RewriteCond %{THE_REQUEST} HTTP/1\.0
    RewriteRule ^(.*)$ - [F,L]

    # BLOCK/FORBID Spammers etc
    Order Allow,Deny
    Deny from 95.211.156.228
    Deny from 178.162.199.35
    Deny from 178.162.199.78
    Deny from 178.162.199.70
    Deny from 95.211.159.93
    Deny from 95.211.159.66
    Deny from 178.162.199.87
    Deny from 186.87.168.204
    Deny from 187.94.215.191
    Deny from 187.6.232.44
    Deny from 151.77.47.183
    Deny from 151.77.47.183
    Deny from 187.6.232.44
    Allow from all`

    in CUSTOM CODE BOTTOM HOTLINKING/FORBID COMMENT SPAMMERS/BLOCK BOTS/BLOCK IP/REDIRECT CODE

    It should go in CUSTOM CODE BRUTE FORCE LOGIN PAGE PROTECTION, is that correct? So I just need to remove it and paste it in the latter, then save again and run the magic buttons again?

    or am i getting confused?

    http://wordpress.org/plugins/bulletproof-security/

Viewing 11 replies - 1 through 11 (of 11 total)
  • Plugin Author AITpro

    (@aitpro)

    It can go in either Custom Code text box. We briefly tried to make the Brute Force Login page protection code standard code in BPS. 95% of websites/servers can use that code without any problems. 5% of websites/servers cannot use that code so we had to remove it as standard BPS code and reverted back to it being Bonus Code. The CUSTOM CODE BRUTE FORCE LOGIN PAGE text box needed to remain in order to work in the widest range of scenarios and to prevent any additional issues/problems.

    Thread Starter mrppp

    (@mrppp)

    Thanks, I note in the box it has
    RewriteCond %{SERVER_PROTOCOL} HTTP/1\.0$

    but I have
    RewriteCond %{THE_REQUEST} HTTP/1\.0

    Do I need the $?

    Plugin Author AITpro

    (@aitpro)

    Nope you do not need the $. The rule works the same either way.

    Thread Starter mrppp

    (@mrppp)

    Thank you.

    Plugin Author AITpro

    (@aitpro)

    Actually I just noticed that you posted 2 different conditions. You should actually be using both conditions below, with or without the $, but the $ is probably better to use.

    The Brute Force Login page protection code was updated at some point here: http://forum.ait-pro.com/forums/topic/protect-login-page-from-brute-force-login-attacks/

    This is the final code that will never change again.

    # BRUTE FORCE LOGIN PAGE PROTECTION
    # Protects the Login page from SpamBots & Proxies
    # that use Server Protocol HTTP/1.0 or a blank User Agent
    RewriteCond %{REQUEST_URI} ^(/wp-login\.php|.*wp-login\.php.*)$
    RewriteCond %{HTTP_USER_AGENT} ^$ [OR]
    RewriteCond %{THE_REQUEST} HTTP/1\.0$ [OR]
    RewriteCond %{SERVER_PROTOCOL} HTTP/1\.0$
    RewriteRule ^(.*)$ - [F,L]

    Thread Starter mrppp

    (@mrppp)

    Ok so use

    # BRUTE FORCE LOGIN PAGE PROTECTION
    # Protects the Login page from SpamBots & Proxies
    # that use Server Protocol HTTP/1.0 or a blank User Agent
    RewriteCond %{REQUEST_URI} ^(/wp-login\.php|.*wp-login\.php.*)$
    RewriteCond %{HTTP_USER_AGENT} ^$ [OR]
    RewriteCond %{THE_REQUEST} HTTP/1\.0$ [OR]
    RewriteCond %{SERVER_PROTOCOL} HTTP/1\.0$
    RewriteRule ^(.*)$ - [F,L]

    with

    # BLOCK/FORBID Spammers etc
    Order Allow,Deny
    Deny from 95.211.156.228
    Deny from 178.162.199.35
    Deny from 178.162.199.78
    Deny from 178.162.199.70
    Deny from 95.211.159.93
    Deny from 95.211.159.66
    Deny from 178.162.199.87
    Deny from 186.87.168.204
    Deny from 187.94.215.191
    Deny from 187.6.232.44
    Deny from 151.77.47.183
    Deny from 151.77.47.183
    Deny from 187.6.232.44
    Allow from all

    in
    CUSTOM CODE BOTTOM HOTLINKING/FORBID COMMENT SPAMMERS/BLOCK BOTS/BLOCK IP/REDIRECT CODE

    as

    # BRUTE FORCE LOGIN PAGE PROTECTION
    # Protects the Login page from SpamBots & Proxies
    # that use Server Protocol HTTP/1.0 or a blank User Agent
    RewriteCond %{REQUEST_URI} ^(/wp-login\.php|.*wp-login\.php.*)$
    RewriteCond %{HTTP_USER_AGENT} ^$ [OR]
    RewriteCond %{THE_REQUEST} HTTP/1\.0$ [OR]
    RewriteCond %{SERVER_PROTOCOL} HTTP/1\.0$
    RewriteRule ^(.*)$ - [F,L]
    # BLOCK/FORBID Spammers etc
    Order Allow,Deny
    Deny from 95.211.156.228
    Deny from 178.162.199.35
    Deny from 178.162.199.78
    Deny from 178.162.199.70
    Deny from 95.211.159.93
    Deny from 95.211.159.66
    Deny from 178.162.199.87
    Deny from 186.87.168.204
    Deny from 187.94.215.191
    Deny from 187.6.232.44
    Deny from 151.77.47.183
    Deny from 151.77.47.183
    Deny from 187.6.232.44
    Allow from all

    Plugin Author AITpro

    (@aitpro)

    Actually I see one thing that needs to be changed in the description text.

    # Protects the Login page from SpamBots & Proxies

    to

    # Protects the Login page from SpamBots, HackerBots & Proxies

    Plugin Author AITpro

    (@aitpro)

    Yes

    Thread Starter mrppp

    (@mrppp)

    # BRUTE FORCE LOGIN PAGE PROTECTION
    # Protects the Login page from SpamBots, HackerBots & Proxies
    # that use Server Protocol HTTP/1.0 or a blank User Agent
    RewriteCond %{REQUEST_URI} ^(/wp-login\.php|.*wp-login\.php.*)$
    RewriteCond %{HTTP_USER_AGENT} ^$ [OR]
    RewriteCond %{THE_REQUEST} HTTP/1\.0$ [OR]
    RewriteCond %{SERVER_PROTOCOL} HTTP/1\.0$
    RewriteRule ^(.*)$ - [F,L]
    # BLOCK/FORBID Spammers etc
    Order Allow,Deny
    Deny from 95.211.156.228
    Deny from 178.162.199.35
    Deny from 178.162.199.78
    Deny from 178.162.199.70
    Deny from 95.211.159.93
    Deny from 95.211.159.66
    Deny from 178.162.199.87
    Deny from 186.87.168.204
    Deny from 187.94.215.191
    Deny from 187.6.232.44
    Deny from 151.77.47.183
    Deny from 151.77.47.183
    Deny from 187.6.232.44
    Allow from all

    Plugin Author AITpro

    (@aitpro)

    Yes

    Thread Starter mrppp

    (@mrppp)

    Cheers top man!!

The topic ‘Think i have this wrong’ is closed to new replies.
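
An added example, not part of the original thread or of the plugin's code: a Python audit that replays Apache combined-format access log lines against the same conditions as the final BRUTE FORCE LOGIN PAGE PROTECTION code above, to see which clients would receive a 403 before relying on the rule. The log format, the function names and the sample lines are assumptions made for this example.

```python
import re
from collections import Counter

# Assumed Apache "combined" format:
# host ident user [time] "request" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)
# Same patterns as the RewriteCond lines in the thread's final code.
URI_RE = re.compile(r'^(/wp-login\.php|.*wp-login\.php.*)$')
HTTP10_RE = re.compile(r'HTTP/1\.0$')

# Constructed sample lines (documentation-range addresses), not real traffic.
SAMPLE_LOG = [
    '203.0.113.10 - - [12/Mar/2014:10:01:02 +0000] "POST /wp-login.php HTTP/1.0" 200 3120 "-" "Mozilla/5.0"',
    '203.0.113.10 - - [12/Mar/2014:10:01:03 +0000] "POST /wp-login.php HTTP/1.1" 200 3120 "-" "-"',
    '198.51.100.7 - - [12/Mar/2014:10:02:00 +0000] "GET /wp-login.php?action=lostpassword HTTP/1.1" 200 2100 "-" "Mozilla/5.0"',
    '192.0.2.44 - - [12/Mar/2014:10:03:00 +0000] "GET /index.php HTTP/1.0" 200 900 "-" "-"',
    '192.0.2.45 - - [12/Mar/2014:10:04:00 +0000] "POST /blog/wp-login.php HTTP/1.0" 200 3120 "-" "Mozilla/5.0"',
]


def would_block(line):
    """Return (ip, reason) if the rule set would answer 403, else None."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    request = m.group("request")        # what mod_rewrite sees as THE_REQUEST
    parts = request.split()
    if len(parts) != 3:
        return None                     # malformed request line, not covered here
    path = parts[1].split("?", 1)[0]    # REQUEST_URI excludes the query string
    if not URI_RE.search(path):
        return None                     # rule only applies to the login page
    # Apache logs a missing User-Agent header as "-"; an empty one as "".
    if m.group("ua") in ("", "-"):
        return m.group("ip"), "blank-user-agent"
    if HTTP10_RE.search(request):       # SERVER_PROTOCOL check is equivalent here
        return m.group("ip"), "http-1.0"
    return None


def summarize(lines):
    """Count would-be 403 responses per (client IP, reason)."""
    return Counter(hit for hit in map(would_block, lines) if hit)


if __name__ == "__main__":
    for (ip, reason), n in summarize(SAMPLE_LOG).most_common():
        print(f"{ip}\t{reason}\t{n}")
```

Any address in the output that belongs to a known proxy, monitoring service or your own tooling is one the rule would lock out of the login page.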