[Resolved] Feature Request: Block distributed attacks (Ignore IP)

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Author Daniel Convissor
    Member

    @convissor

    A simple way to keep sites from getting totally bogged down is to adjust the LSS’ “Delay Tier 2” and “Delay Tier 3” settings to large numbers.

    I really like your plugin, but sleeping for 60 seconds doesn't solve brute force attacks.

    I got 2500 failed login attempts in a couple of hours (it dramatically slowed my server; regular pw page loads took 30-50 seconds to generate on a dedicated server), which could be prevented if you added a feature to block by IP for a couple of hours instead of sleep(10-60) seconds.

    Something like in the “Limit Login Attempts” plugin, which blocks access for 20 min. on 4 failed logins and blocks for 24 hours on 12 failed logins.

    In which you get max 12 failed logins in 24 hours instead of 2500 failed login attempts in a couple of hours.

    “Limit Login Attempts” is not solving the server load problem either. It just denies login requests for a certain amount of time.

    The problem is loading wp-login.php and all WordPress files (30-50 MB) into memory and then blocking the user with a sleep or an error message. This does not solve the problem of server overload and crashes.

    The only possible solution that worked for me is to use fail2ban as described here:
    http://codepoets.co.uk/2013/fail2ban-filter-for-wordpress/

    Before using fail2ban: load average was getting to 100 several times a day, leading to server crashes.
    After using fail2ban: load average stayed below 1 most of the time.

    I don’t know how it can be added to your plugin, just wanted to help if others have similar problems.

    regards.
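
The log-based blocking described in the last post, as an added example that is not from the thread, the linked article or fail2ban's own code: it applies fail2ban-style `maxretry` / `findtime` / `bantime` counting to access-log lines, so the decision to block is made without loading WordPress. The log lines, the thresholds and the `find_bans` name are assumptions made for illustration, and every POST to wp-login.php is counted as an attempt.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines (combined log format, documentation IP ranges).
SAMPLE_LOG = [
    '203.0.113.7 - - [12/Mar/2013:10:00:01 +0000] "POST /wp-login.php HTTP/1.1" 200 3421',
    '198.51.100.20 - - [12/Mar/2013:10:00:02 +0000] "POST /wp-login.php HTTP/1.1" 302 -',
    '203.0.113.7 - - [12/Mar/2013:10:00:03 +0000] "POST /wp-login.php HTTP/1.1" 200 3421',
    '203.0.113.7 - - [12/Mar/2013:10:00:04 +0000] "GET /wp-login.php HTTP/1.1" 200 2210',
    '203.0.113.7 - - [12/Mar/2013:10:00:05 +0000] "POST /wp-login.php HTTP/1.1" 200 3421',
    '203.0.113.7 - - [12/Mar/2013:10:00:07 +0000] "POST /wp-login.php HTTP/1.1" 200 3421',
    '203.0.113.7 - - [12/Mar/2013:10:00:09 +0000] "POST /wp-login.php HTTP/1.1" 200 3421',
]

# Client IP, timestamp and a POST to wp-login.php; every such POST counts.
LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "POST /wp-login\.php[ ?]')

def find_bans(lines, maxretry=4, findtime=timedelta(minutes=10),
              bantime=timedelta(hours=2)):
    """Return {ip: (ban_start, ban_end)} for IPs with maxretry POSTs in findtime."""
    recent = defaultdict(deque)      # ip -> timestamps inside the sliding window
    bans = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        ip = m["ip"]
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        if ip in bans and ts < bans[ip][1]:
            continue                 # banned: a firewall drop never reaches PHP
        window = recent[ip]
        window.append(ts)
        while ts - window[0] > findtime:
            window.popleft()         # forget attempts older than findtime
        if len(window) >= maxretry:
            bans[ip] = (ts, ts + bantime)
            window.clear()
    return bans

if __name__ == "__main__":
    for ip, (start, end) in find_bans(SAMPLE_LOG).items():
        print(f"ban {ip} from {start.isoformat()} until {end.isoformat()}")
```

Because the count is kept per IP, an attack spread over many addresses that each stay under `maxretry` is not caught by this logic.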

  • The topic ‘[Resolved] Feature Request: Block distributed attacks (Ignore IP)’ is closed to new replies.