Here’s what I’m trying to assess for my site. I’ve been under recent repeated dictionary assault from the botnet, and while I don’t worry about them breaking into the site, the repeated waves of several thousand login attempts periodically slow the site to a crawl.
Naturally I use a standard login limiter set to a very low threshold and a long lockout period. Nonetheless, the botnet will typically make only one or two login attempts with an IP before cycling to another, thus evading my login lockout plugin, and this behavior will go on for hours.
You mentioned on another thread that BP acts after X (which I won’t repeat for security reasons) number of login attempts. Is that
– X number of attempts over BP’s history of any particular offending IP, whereafter the offending IP is blacklisted from all future attempts against any BP subscriber? For only a limited period? Permanently?
– X number of attempts against my particular site in any given attack session, thus making it, effectively, a redundant login lockout plugin set to a threshold higher than the one I’m already employing?
– X number of attempts across any number of BP subscriber sites in a particular session, after which the offending IP is a)locked out temporarily, allowing it to rinse and repeat? b)blacklisted permanently? c)?
The reason I ask is this. Overnight, my BP widget tally of attacks thwarted by BP jumped from single digits into high 3 digits. Great! But my activity logs also registered several thousand failed login attempts along with close to a hundred login lockouts.
Is what I am seeing BP acting before the fact of an even larger number of attacks against my particular site – because BP has to register the higher value X number of attacks across all subscriber sites during the attack period, after which these many hundred offending IPs BP just thwarted will never plague me again?
Or am I merely seeing BP registering attacks thwarted after the fact of my own, lower threshold defenses already having blocked them first while consuming memory/CPU on my site in the process?
I’m not trying to get you to give up your secrets publicly. I’m just not clear on exactly how effective BP is at exactly what on my site compared to my existing alternatives.
- The topic ‘Are offending IPs actually blacklisted in BP to prevent future attacks?’ is closed to new replies.