Illogical system message

Resolved Max Beta
(@max-beta)

10 years, 11 months ago

I don’t have a user called “admin”. This is also marked in green in the Critical Feature Status panel. I also use a renamed login page.

Now I get an email saying this in Swedish:
På grund av alltför många inloggningsförsök eller felaktiga användarnamn, är du blockerad:
Username: admin

Quick translation: … too many login attempts… YOU are blocked.

I can understand that this was not me but it’s strange semantics since the WP plugin should know I’m not using such a user name.

Further more… the site has been handed over to my client who knows nothing about these things. My client will not understand this message and think he is blocked.

And what about the renamed login page? I use a Swedish word and it was activated a month ago. Is it reasonable to think that hackers brute forced this word in so short timespan? Should I change it again?

https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/

Viewing 14 replies - 1 through 14 (of 14 total)

Plugin Contributor mbrsolution
(@mbrsolution)

10 years, 11 months ago

Hi, can you change the secret word to something different. Report back if you still get the same error message. Can you also confirm that you don’t have any other security plugin? Is this a membership site? If it is, do you know if there are any members with an admin name?

Thread Starter Max Beta
(@max-beta)

10 years, 11 months ago

There are only two users, me and my client. It’s not a membership site. No other security plugins are used.

I received 3 emails but i changed the secret word now.

What about the language in the message? Bad translation or the same problem in English?

Plugin Contributor mbrsolution
(@mbrsolution)

10 years, 11 months ago

Your translation in English is very good 🙂

Thread Starter Max Beta
(@max-beta)

10 years, 11 months ago

I’m not referring to the translation I did in my message.

I’m asking about the general usage of the word “you” in these messages. Clearly I wasn’t the one doing bad login attempts so why does the email say that I have been banned?

It should say something like this instead:
This user has been banned:
Username: admin

So my question is if this is more clear in the original English message or if it’s a general problem (you should look into)

– – –

Further more … I just mentioned that I changed the secret word but I have now received two more emails since then.

Plugin Contributor mbrsolution
(@mbrsolution)

10 years, 11 months ago

Hi, sorry for misunderstanding your original question above. I now understand what you mean. One of the plugin developers will look further into your question.

Regards

Thread Starter Max Beta
(@max-beta)

10 years, 11 months ago

I took a look at my hosts support site. They have reported two DDos attacks – one yesterday and one today. These events happened approximately the same time as the
warning emails. So it definitely looks connected.

I can still not understand how something can trigger the login warning when I use a 12 character long secret word for that page.

Plugin Contributor mbrsolution
(@mbrsolution)

10 years, 11 months ago

Hi, check to see if you have the following enabled. Go to WP Security -> Firewall -> Basic Firewall Rules, locate the following Enable Pingback Protection:. Disable this option if it is enabled. Make sure you read the help information about this option by clicking on the More Info link next to this option.

Thread Starter Max Beta
(@max-beta)

10 years, 11 months ago

This setting is not activated.

The DDos attack was “averted and operation restored to normal” 3 hours ago according toe the support blog but I’ve seen 5-10 emails since then too.

Plugin Contributor mbrsolution
(@mbrsolution)

10 years, 11 months ago

Have you performed a file scan detection using the following tool under Scanner?

Thread Starter Max Beta
(@max-beta)

10 years, 11 months ago

No I haven’t used that feature.

I noticed these things:
– The cache plugin was caching the login page. I excluded that page and change the secret word again.
– In the level above the site root there is a folder called logs. I downloaded this folder and searched for the secret word and could see it in the logs.
– I changed the FTP password

The emails are still rolling in though…

Plugin Contributor wpsolutions
(@wpsolutions)

10 years, 11 months ago

Is it reasonable to think that hackers brute forced this word in so short timespan? Should I change it again?

I don’t think they have guessed your secret word.
Try setting “Enable Pingback Protection” in firewall menu.

Plugin Contributor mbrsolution
(@mbrsolution)

10 years, 11 months ago

@max Beta sorry I meant to type enable like @wpsolutions mentioned. I just read my post and realized I provided the wrong information. I must have been thinking about something else not realizing I was giving you the wrong information. Sorry about that…:(

Thread Starter Max Beta
(@max-beta)

10 years, 11 months ago

I remember now. You mentioned this before and it breaks the WP iOS app. I’m not using the app very much but the problem is that when I want to use it next time several month have passed and I’ve forgotten all about this relation and will spend unnecessary time trying to fix that problem.

For me it would be good if the main panel in WPS said something about the app problem if this setting is activated.

– – –

I have activated it now so we’ll see if there’s any improvement the next hour or so.

I don’t understand much of these things but as a layman it sounds like if WP is pinging out my hidden login page?

Plugin Contributor mbrsolution
(@mbrsolution)

10 years, 3 months ago

I am marking this thread as resolved. No replies in 7 months.

Thank you

Viewing 14 replies - 1 through 14 (of 14 total)

The topic ‘Illogical system message’ is closed to new replies.