Support » Plugin: iThemes Security (formerly Better WP Security) » Banning not working after migrate to new server.

  • Resolved TC.K

    (@wp_dummy)



    I recently migrated my site to a new server. However, after the migration I noticed that banning is not working any more.
    I have enabled 404 detection and brute force protection, but when a visitor/user exceeds the allowed number, it is not banning.
    I can see the failed login attempt and 404 page in the log file.

    I am using nginx as the server, btw.

    https://wordpress.org/plugins/better-wp-security/

Viewing 15 replies - 1 through 15 (of 23 total)
  • @tc.K

    Make sure your WP Timezone is set correctly (Settings->General).

    Also make sure the iTSec plugin Local Brute Force Protection setting is enabled.

    Addendum
    You are using the word banning in your problem description but I think you are referring to lockouts.
    This is important because banning is permanent while lockouts are temporary.

    dwinden

    The setting is correct and yes, the Local Brute Force Protection is enabled. Not only is Brute Force protection not working, the 404 detection is also not working.
    I can see the attacks and 404s in the log, but it just does not lock out users or IPs.

    Yes, my bad, it is lockouts that I meant.

    @tc.K

    Log into your database using phpMyAdmin and then check there are a number of records in the wp_itsec_temp table. It should not be empty.
    If not empty upload a screenshot of the data displayed.

    While you are at it also check the wp_itsec_lockouts table. When lockouts are not working this table should be empty…

    dwinden

    @dwinden

    I am not using phpMyAdmin, I am using command line to access the database. This is what I found in the table:
    +---------+--------------+---------------------+---------------------+-----------------+-----------+---------------+
    | temp_id | temp_type    | temp_date           | temp_date_gmt       | temp_host       | temp_user | temp_username |
    +---------+--------------+---------------------+---------------------+----------
    | 39066   | four_oh_four | 2015-11-04 06:17:27 | 2015-11-03 22:17:27
    | 39094   | brute_force  | 2015-11-04 10:13:14 | 2015-11-04 02:13:14 | 175.139.156.101 | NULL      | NULL          |
    | 39095   | brute_force  | 2015-11-04 10:13:14 | 2015-11-04 02:13:14 | NULL            | 809       | admintest     |
    …..
    There are plenty of records; I am just showing a few of them.
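
    Added example, not part of the original thread and not iThemes code: the same database check as read-only queries for the mysql command line. It assumes the default `wp_` table prefix, uses a placeholder migration timestamp and an assumed event threshold of 5, and relies only on the wp_itsec_temp columns shown in the output above.

```sql
-- Added example. Assumptions: default wp_ prefix; '2015-11-01 00:00:00' is a
-- placeholder for the migration time (GMT); 5 is an assumed threshold, use the
-- values configured in the plugin's 404 / brute force settings.

-- 1. Are events still recorded after the migration, and is the local-vs-GMT
--    offset constant? (A changing or unexpected offset points at the WP
--    timezone setting mentioned earlier in the thread.)
SELECT temp_type,
       COUNT(*)                                           AS events,
       MAX(temp_date_gmt)                                 AS newest_event_gmt,
       MIN(TIMESTAMPDIFF(HOUR, temp_date_gmt, temp_date)) AS min_offset_hours,
       MAX(TIMESTAMPDIFF(HOUR, temp_date_gmt, temp_date)) AS max_offset_hours
FROM wp_itsec_temp
WHERE temp_date_gmt >= '2015-11-01 00:00:00'
GROUP BY temp_type;

-- 2. Which hosts or usernames accumulated enough events within one hour that
--    a lockout would have been expected?
SELECT temp_type,
       COALESCE(temp_host, temp_username)           AS subject,
       DATE_FORMAT(temp_date_gmt, '%Y-%m-%d %H:00') AS hour_gmt,
       COUNT(*)                                     AS events
FROM wp_itsec_temp
WHERE temp_date_gmt >= '2015-11-01 00:00:00'
GROUP BY temp_type, subject, hour_gmt
HAVING COUNT(*) >= 5
ORDER BY events DESC
LIMIT 20;

-- 3. The lockouts table's columns are not shown in the thread, so only count
--    rows. Run this before and after a failed-login test from a host that is
--    not whitelisted; an unchanged count means no lockout was written.
SELECT COUNT(*) AS lockout_rows FROM wp_itsec_lockouts;
```

    Rows from query 2 combined with an unchanged count from query 3 mean events are logged but never turned into lockouts, which is the symptom described in this topic.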

    @tc.K

    Ok, it’s not much data but this data looks fine. However there is too little data to be conclusive. Only thing I noticed is the high temp_id numbers.
    Over 39000 ! Surely there are not that many records in the wp_itsec_temp table…

    Anyway it could indicate high logging activity due to one or more heavy brute force attacks or your site has many 404s …
    It could also be you’ve been using the iTSec plugin for a long while …

    Is the wp_itsec_lockouts table empty ?

    Difficult to say what’s happening.

    A little test might help.
    Make sure the Automatically ban “admin” user setting is enabled in the Brute Force Protection section.
    Then try and login as ‘admin’ (use incorrect password if admin user still exists) and see whether you are immediately locked out.
    Also make sure your IP is not whitelisted …
    Remember lockouts are temporary so it’s a safe test.

    dwinden

    @dwinden, thanks for your reply.

    > However there is too little data to be conclusive. Only thing I noticed is the high temp_id numbers.
    > Over 39000 ! Surely there are not that many records in the wp_itsec_temp table…

    The data are similar, and yes the site has been using the iTSec plugin for a long while, that’s why the record is so high.

    > Is the wp_itsec_lockouts table empty ?

    No, there is a lot of data in the tables. But what I found is that after the migration date, no records were added. That means it’s not working after the migration.

    > A little test might help.
    > Make sure the Automatically ban “admin” user setting is enabled in the Brute Force Protection section…..

    Tried, but it’s not working; I am not logged out when using admin to log in.

    What could possibly have happened to cause this plugin to stop working after the server migration? I did upgrade the plugin to the latest version on the new server before I imported the database from the old server. Could this be the reason why it’s not working?

    > What could possibly have happened to cause this plugin to stop working after the server migration? I did upgrade the plugin to the latest version on the new server before I imported the database from the old server. Could this be the reason why it’s not working?

    Maybe. From what iTSec plugin version did you update to the latest release (5.1.0) ? (5.0.0\5.0.1, 4.9.0, 4.8.0, 4.6.x or even lower\older).

    Verify that the Build Version: is 4038 in the iThemes Security variables section of the System Information metabox on the iTSec plugin Dashboard page (you can find it all the way at the bottom of the System Information metabox).

    Did you use a Database Backup file created by the iTSec plugin to import the database ?

    Since there are no lockouts occurring there must be an error happening.
    Check your webserver error_log for any errors …

    If you still cannot find what is causing this problem I think it is best to reset the plugin back to factory defaults. This can be done by TEMPORARILY defining the ITSEC_DEVELOPMENT constant in the wp-config.php file and then DEactivating and REactivating the plugin. This way all iTSec plugin database metadata will be reset. Old log data as well as your current iTSec plugin settings will be lost. So you might want to take some notes first.

    IMPORTANT NOTE:

    REMEMBER TO DELETE THE ADDED ITSEC_DEVELOPMENT CONSTANT LINE IN THE wp-config.php FILE AFTERWARDS !!!

    This is the line added manually that needs to be removed again:

    define('ITSEC_DEVELOPMENT', true);

    dwinden

    Yes the build version is 4038.

    > Did you use a Database Backup file created by the iTSec plugin to import the database ?

    Nope, I am using the mysql command line to back up/restore the database. (It was hosted on DigitalOcean and moved to another VPN.)

    > Check your webserver error_log for any errors

    Nope, nothing found.

    So now I can only try to reset the plugin.
    Will let you know after I have done the reset.

    Thanks.

    @tc.K

    Any news regarding the iTSec plugin reset ?

    dwinden

    @dwinden,
    I tried, unfortunately it’s still not working.
    I am wondering if this has something to do with the server configuration.
    I got this issue as well, regarding the server. I think maybe these two issues are related?

    @tc.K

    I anticipated that might happen. This might indicate a server config issue. An iTSec plugin host\user(name) lockout is a PHP\MySQL only feature. So any problems with including the plugin conf file in the NGINX config are irrelevant. Only when multiple lockouts result in a permanent host ban is the config file relevant …

    Please compare the full techstack of the old server with the new server.
    This way we can identify the exact differences of the 2 envs.

    So compare OS (version), webserver version, PHP version, MySQL version, WP version, iTSec plugin version …

    dwinden

    The specs of the two servers are almost identical, using ubuntu0.14.04, with php5 and nginx. The only difference is that the old server database was using mysql, whereas the new server uses mariadb. Though I doubt it is the issue.

    @tc.K

    Temporarily install MySQL and test on the new server …
    If it works …;-)

    Or send me the database export file and I’ll test it for you.

    dwinden

    @dwinden,
    Ok, I will try to use Mysql as a test, and report back. Thanks.

    @dwinden,

    0 = A Whitelisted Host Has Triggered A Lockout Condition But Was Not Locked Out.

    I have whitelisted my IP and I got this log message when trying to log in via admin and when test-accessing 404 pages (more than the numbers in the configuration).

    So, this means it is working, right? I am not using Mysql.
