• Resolved tombyrnes

    (@tombyrnes)


    FANTASTIC plugin. Only in 2 days and it’s already earning its keep. I just have a minor query.

    The site underwent a brute force attack yesterday. The attacker tried on 100 consecutive occasions to log in as admin. The records logged in the “failure” table indicate that not only did he have the same “network id” (i.e. first 3 parts of an IPv4 address), but they had the exact same IP address and same user name (admin).

    However, they never got promoted to tier 2, let alone tier 3. Again, according to the table, each new attempt followed on at roughly 5 seconds after the previous. I’ve looked at the code (which looks really neat!) and I can’t see how this could happen. I can only assume that there must be some arrangement of concurrent attempts but slightly staggered.
    Can anyone offer any ideas?

    I hope you are able to implement the culling of old records from the table at some point. Thanks again.

    https://wordpress.org/plugins/login-security-solution/

Viewing 1 replies (of 1 total)
  • Plugin Author Daniel Convissor

    (@convissor)

    Multiple computers can be making the attack, possibly behind a NAT device. Or the computers may stop waiting for a response after 5 seconds and then try again.

The topic ‘Attack does not trigger delays.’ is closed to new replies.