False Brute Force Detection
I’m seeing an issue with a couple of plugins but the most repeatable one is the “UpdraftPlus – Backup/Restore Version 18.104.22.168”
The daft thing is, the error messages I am seeing don’t actually make any sense.
Your website, “xxxxxxxxxx”, is undergoing a brute force attack.
There have been at least 0 failed attempts to log in during the past 120 minutes that used one or more of the following components:
Component Count Value from Current Attempt
———————— —– ——————————–
Network IP 0 xxx.xxx.xxx
Username 0 ‘xxxxxxxxxx’
Password MD5 0 xxxxxxxxxxxxxxxxxxxx
There are no failures recorded in the table “xxx_login_security_solution_fail” either.
So I’m struggling to work out (1) was there an error condition, and (2) what was the actual error?
The logs show that there were 0 attempts
All the counts were 0
It was the main admin account logged in from a fixed IP address.
And nothing was recording in the ‘login failed’ table, so there wasn’t any history.
The plugins this seems to effect are ones which have ‘long execution’ times. i.e in this instance, the back up process takes a finite time to complete and continually updates the user as to the status of the back up process, but we are only talking a few minutes (2-3 worst case).
But the thing that confuses me is nothing being logged?
Once detected though, it does cause the pages to load much much slower, which is impacting the running of the plugin itself (and fires off a bunch of emails under certain conditions, or 1 if I set it to ignore).
Is there anything else I should be looking at to see what is causing the failure?
- The topic ‘False Brute Force Detection’ is closed to new replies.