• Resolved rpsellers

    (@rpsellers)


    I’ve seen a HUGE uptick in brute force attacks recently, most attempting to log in as “admin.” Since all my sites have long since removed the admin user, I have the box ticked on every iThemes Security install to “Immediately ban a host that attempts to login using the ‘admin’ username.”

    But that functionality appears to not be working, or at least not be working as it’s listed. I get the message and see the logs that these many hosts are “locked out” but they aren’t “banned.” (In a few cases, I will get the email notice that they’ve been “banned permanently” but that’s usually a result of the settings I’ve chosen for the same IP address attempting logins within the time settings I’ve set.)

    Does anyone know of a way to make an automatic – and permanent – ban for anyone attempting a login with “admin”?

    https://wordpress.org/plugins/better-wp-security/

Viewing 8 replies - 1 through 8 (of 8 total)
  • I’m in the same situation. Loads of attempts using ‘admin’. But despite my being set to ban the host, it’s just locked out.

    Why aren’t they banned if that’s what I told the plugin to do?

    The descriptive text of this setting is incorrect.
    (permanent) ban = (temporary) lockout

    Which means that only after 3 (default) admin login attempts (= temporary lockouts) within 7 (default) days from the same IP address will that IP address be permanently auto-banned (assuming the Blacklist Repeat Offender and Ban Users settings are enabled).

    Also make sure to update to the latest iTSec plugin release (5.0.1).
    There was a bug fixed in the 5.0.0 release that prevented the plugin from permanently auto-banning IP addresses. Unfortunately this fix was not mentioned in the 5.0.0/5.0.1 Changelog …

    dwinden
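    The escalation described in the reply above (each ‘admin’ login attempt is a temporary lockout, and a set number of lockouts from one IP inside a rolling window turns into a permanent ban) can be replayed over a login log to see how many attempts an attacker actually gets before the ban lands. The script below is an added example written for this page; it is not iThemes Security code and does not use the plugin’s API. The threshold (3) and window (7 days) are the defaults quoted in the reply; the log format, the `Policy`/`State` names, the `ban_admin_immediately` switch (modelling the behaviour the original poster asked for) and the sample log lines are all constructed for the example.

```python
"""Replay of an iTSec-style 'admin' lockout -> ban escalation (added example).

Assumptions (not taken from the plugin source):
- every login attempt with username "admin" is a temporary lockout (one strike)
- max_lockouts strikes within window_days from one IP => permanent ban,
  but only if blacklist_repeat_offender and ban_users are both enabled
- ban_admin_immediately is a hypothetical switch that bans on the first strike
"""
from dataclasses import dataclass, field
from datetime import datetime, timedelta


@dataclass
class Policy:
    max_lockouts: int = 3              # "Blacklist Repeat Offender" threshold (default 3)
    window_days: int = 7               # lookback window for counting lockouts (default 7)
    blacklist_repeat_offender: bool = True
    ban_users: bool = True
    ban_admin_immediately: bool = False  # hypothetical: what the OP wants the checkbox to do


@dataclass
class State:
    strikes: dict = field(default_factory=dict)  # ip -> list[datetime] of lockouts in window
    banned: set = field(default_factory=set)     # permanently banned IPs


def handle_attempt(state, policy, ts, ip, username):
    """Apply one login attempt; return the action the host would see."""
    if ip in state.banned:
        return "already_banned"
    if username.lower() != "admin":
        return "allowed"            # hand off to normal authentication
    if policy.ban_admin_immediately and policy.ban_users:
        state.banned.add(ip)
        return "banned"
    # Temporary lockout: record a strike, then drop strikes older than the window.
    strikes = state.strikes.setdefault(ip, [])
    strikes.append(ts)
    window_start = ts - timedelta(days=policy.window_days)
    strikes[:] = [t for t in strikes if t >= window_start]
    if (policy.blacklist_repeat_offender and policy.ban_users
            and len(strikes) >= policy.max_lockouts):
        state.banned.add(ip)
        return "banned"
    return "locked_out"


# Constructed sample log, one attempt per line: "<ISO timestamp> <ip> <username>"
SAMPLE_LOG = """\
2024-03-01T10:00:00 203.0.113.7 admin
2024-03-01T10:05:00 203.0.113.7 admin
2024-03-02T11:00:00 198.51.100.9 editor
2024-03-03T09:30:00 203.0.113.7 admin
2024-03-03T09:31:00 203.0.113.7 admin
2024-03-20T08:00:00 198.51.100.9 admin
2024-03-28T08:00:00 198.51.100.9 admin
2024-03-29T08:00:00 198.51.100.9 admin
"""


def replay(log_text, policy):
    """Run every attempt in the log through the policy; return (actions, final state)."""
    state = State()
    actions = []
    for line in log_text.splitlines():
        ts_text, ip, username = line.split()
        ts = datetime.fromisoformat(ts_text)
        actions.append((ip, handle_attempt(state, policy, ts, ip, username)))
    return actions, state


if __name__ == "__main__":
    for label, policy in (("defaults", Policy()),
                          ("immediate ban", Policy(ban_admin_immediately=True))):
        actions, state = replay(SAMPLE_LOG, policy)
        print(label, actions, "banned:", sorted(state.banned))
```

    With the default policy, 203.0.113.7 gets three ‘admin’ attempts (two lockouts, then the ban on the third), while 198.51.100.9 is never banned because its strikes fall outside the 7-day window before the third one arrives. With `ban_admin_immediately` the first ‘admin’ attempt from each host is the last one it gets, which is the behaviour the thread is asking about.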

    @rpsellers

    If you require no further assistance please mark the topic as ‘resolved’.

    dwinden

    @rpsellers

    If you require no further assistance please mark the topic as ‘resolved’.

    dwinden

    Thread Starter rpsellers

    (@rpsellers)

    @dwinden:

    Once was enough.

    Resolved.

    @rpsellers

    There are 2 checkboxes displayed at the bottom when you open this topic:

    [v]Notify me of follow-up posts via email
    [ ]Mark this topic as resolved

    Please tick the “Mark this topic as resolved” checkbox and then click on the Post button …

    Thank you.

    dwinden

    Thread Starter rpsellers

    (@rpsellers)

    My apologies on that. If I were actually paying attention to the radio boxes I would have noticed it.

    I think it would be optimal behaviour to immediately permanently ban a user who has tried to log in as admin, when you have selected “immediately ban a host that attempts to login using the ‘admin’ username.”

    Setting conditions on a permanent ban just gives them more attempts to try and login.

  • The topic ‘'Admin' brute force attacks’ is closed to new replies.