• Resolved Tidyup

    (@tidyup)


    Hi,

    Last night I had 75 failed attempts from the same IP! Although I’ve set it up to block an IP for around 10 days, so no idea how this could happen, surely they should be blocked. See an example email below.

    55 failed login attempts and 10 lockout(s) from IP 152.74.241.100

    Last Login Attempt : 11/02/2016 03:26:12
    Last User Attempt : xxxxxx
    IP has been blocked until : 02/18/2016 03:26:12

    https://wordpress.org/plugins/loginizer/

Viewing 10 replies - 1 through 10 (of 10 total)
  • Thread Starter Tidyup

    (@tidyup)

    Oh, and I had email notifications set to 0, so I should never have got the numerous emails anyway.

    Thread Starter Tidyup

    (@tidyup)

    So my first email was here:-

    21 failed login attempts and 4 lockout(s) from IP 152.74.241.100

    Last Login Attempt : 11/02/2016 03:24:28
    Last User Attempt : xxxxx
    IP has been blocked until : 02/18/2016 03:24:28

    Last one here

    76 failed login attempts and 15 lockout(s) from IP 152.74.241.100

    Last Login Attempt : 11/02/2016 03:27:14
    Last User Attempt : xxxxxx
    IP has been blocked until : 02/18/2016 03:27:14

    So some kind of bot hammering away for 3 mins or so.

    Plugin Contributor loginizer

    (@loginizer)

    Hi,

    We are trying to replicate this issue on our servers.

    Is it possible for you to post the settings that you are using so that we can re-create the same scenario in our test environment?

    You can also submit a support request here :
    http://loginizer.com/contact.html

    Thread Starter Tidyup

    (@tidyup)

    Hi,

    Here’s my settings:-

    Max retries 5
    Lockout time 10080
    Max lockouts 5
    Extend lockout 240
    Reset retries 24
    Email notification 0

    This is what it was when it happened. I have since added Lockdown WP so the admin is harder to find for hackers. I hope you can find or replicate the issue.

    FYI, it was on this site http://dynamic-youth-support-services.com/ but there’s nothing too clever about it.

    Thread Starter Tidyup

    (@tidyup)

    Hi,

    Looking in the log files of the server, see this, might help?

    152.74.241.100 - - [11/Feb/2016:03:23:28 +0000] "POST /xmlrpc.php HTTP/1.0" 200 182 "-" "-"
    152.74.241.100 - - [11/Feb/2016:03:23:29 +0000] "POST /xmlrpc.php HTTP/1.0" 200 404 "-" "-"
    152.74.241.100 - - [11/Feb/2016:03:23:31 +0000] "POST /xmlrpc.php HTTP/1.0" 200 54972 "-" "-"
    152.74.241.100 - - [11/Feb/2016:03:23:34 +0000] "POST /xmlrpc.php HTTP/1.0" 200 54972 "-" "-"
    152.74.241.100 - - [11/Feb/2016:03:23:37 +0000] "POST /xmlrpc.php HTTP/1.0" 200 54972 "-" "-"
    152.74.241.100 - - [11/Feb/2016:03:23:40 +0000] "POST /xmlrpc.php HTTP/1.0" 200 54972 "-" "-"
    152.74.241.100 - - [11/Feb/2016:03:23:42 +0000] "POST /xmlrpc.php HTTP/1.0" 200 54972 "-" "-"

    Thread Starter Tidyup

    (@tidyup)

    I'm thinking they have been piggybacking off the xmlrpc file to try to do something to hack in. I can mail you the log file if you give me an email address, but this should perhaps give you more to work with??? Let me know if I can do anything else.. damn those hackers 🙁

    Plugin Contributor loginizer

    (@loginizer)

    Tidyup,

    Thank you for sharing the details.

    We will definitely work on replicating the issue on our servers.

    You can surely email us the logs via email at support[@]loginizer[.]com and we can check it for you.

    Plugin Contributor loginizer

    (@loginizer)

    Tidyup,

    We were able to replicate the scenario on our test servers. It looks like you were using Loginizer version 1.0, hence you received the emails even if the setting was disabled. This was already fixed in 1.0.1.

    Regarding the other issue, the user was able to attempt login even when you had set the extended lockout to 10 days because your user was attempting to log in using XML-RPC, which was not handled by Loginizer. We have fixed this issue in 1.0.2, which we released a couple of moments back.

    Please upgrade the plugin to 1.0.2 and all your issues should be resolved.

    Looking at your settings, I would also suggest you increase the “Reset retries” to something more than “Extend lockout”, because even if you have set that the user should be blocked for 10 days, the logs will be cleared after 24 hours, allowing the user to attempt login again.
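
Added example, not part of the original thread and not Loginizer's code: the access-log excerpt posted earlier shows the attempts arriving as POSTs to /xmlrpc.php, the path the contributor says was not handled before 1.0.2. This Python script flags IPs that send a burst of such POSTs in an access log; the threshold of 5 requests in 60 seconds, the function names and the 203.0.113.9 line are assumptions made for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# The seven lines from the log excerpt in this thread, plus one constructed
# line (203.0.113.9) showing traffic that should not be flagged.
SAMPLE_LOG = '''\
152.74.241.100 - - [11/Feb/2016:03:23:28 +0000] "POST /xmlrpc.php HTTP/1.0" 200 182 "-" "-"
152.74.241.100 - - [11/Feb/2016:03:23:29 +0000] "POST /xmlrpc.php HTTP/1.0" 200 404 "-" "-"
152.74.241.100 - - [11/Feb/2016:03:23:31 +0000] "POST /xmlrpc.php HTTP/1.0" 200 54972 "-" "-"
152.74.241.100 - - [11/Feb/2016:03:23:34 +0000] "POST /xmlrpc.php HTTP/1.0" 200 54972 "-" "-"
152.74.241.100 - - [11/Feb/2016:03:23:37 +0000] "POST /xmlrpc.php HTTP/1.0" 200 54972 "-" "-"
152.74.241.100 - - [11/Feb/2016:03:23:40 +0000] "POST /xmlrpc.php HTTP/1.0" 200 54972 "-" "-"
152.74.241.100 - - [11/Feb/2016:03:23:42 +0000] "POST /xmlrpc.php HTTP/1.0" 200 54972 "-" "-"
203.0.113.9 - - [11/Feb/2016:03:23:35 +0000] "GET /wp-login.php HTTP/1.1" 200 2301 "-" "Mozilla/5.0"
'''

# Common/combined log format: ip, ident, user, [timestamp], "METHOD path proto".
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*"')

def xmlrpc_posts(log_text):
    """Yield (ip, timestamp) for each POST to /xmlrpc.php; skip unparseable lines."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m and m["method"] == "POST" and m["path"].split("?")[0] == "/xmlrpc.php":
            yield m["ip"], datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")

def find_bursts(log_text, threshold=5, window=timedelta(seconds=60)):
    """Return {ip: peak} for IPs with at least `threshold` XML-RPC POSTs in any window."""
    by_ip = defaultdict(list)
    for ip, ts in xmlrpc_posts(log_text):
        by_ip[ip].append(ts)
    flagged = {}
    for ip, stamps in by_ip.items():
        stamps.sort()
        start = peak = 0
        for end, ts in enumerate(stamps):
            while ts - stamps[start] > window:   # slide the window's left edge
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            flagged[ip] = peak
    return flagged

if __name__ == "__main__":
    for ip, peak in find_bursts(SAMPLE_LOG).items():
        print(f"{ip}: {peak} POSTs to /xmlrpc.php within the window")
```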

    Thread Starter Tidyup

    (@tidyup)

    Hi, I’ve updated to 1.0.2 and thanks for the tip on the reset retries. Be really nice to have some kind of hover help tip over each section to guide you :o)

    Glad you managed to replicate and fix this issue, great job.

    Plugin Contributor loginizer

    (@loginizer)

    Tidyup,

    Glad to know your issue was resolved.

    Thank you for your suggestion.

    We will definitely add a help tip in the plugin soon.

  • The topic ‘Someone's found a way round this?’ is closed to new replies.