Support » Plugin: Login LockDown » Just notice error in nginx error log for multisite

  • Resolved Action Turtle

    (@benjaminbernard)



    I get this error when ever a user logs out… not quiet sure what it means but i guess login lockdown is looking for a table that does not exist…

    How much data are you keeping in the database? why is that registered in there when a user logs out? Are you logging all users in and out and keeping tack of that? Is the database loading up with data or is this deleted?

    I thought this was a simple plugin that just would use the database to hold last few log entries but would delete them later…

    here is the error code I have been getting :

    2014/08/03 08:28:21 [error] 996#0: *183728 FastCGI sent in stderr: “PHP message: WordPress database error Table ‘table name_4_lockdowns’ doesn’t exist for query SELECT user_id FROM tablename_4_lockdowns WHERE release_date > now() AND lockdown_IP LIKE ‘000.000.00%’ made by wp_signon, wp_authenticate, isLockedDown” while reading response header from upstream, client: 000.000.000.000, server: servername, request: “GET /wp-login.php HTTP/1.1”, upstream: “fastcgi://unix:/var/run/php5-fpm.sock:”, host: “website-name”

    values omitted for security…

    Thanks!

    https://wordpress.org/plugins/login-lockdown/

Viewing 5 replies - 1 through 5 (of 5 total)
  • Plugin Author mvandemar

    (@mvandemar)

    Login LockDown does not record when people log out, only when they try and log in. You can tell that was initiated by the wp_signon function. The query listed isn’t one that records data, but rather one that looks up to see if a user is currently logged out. I have no idea why wp_signon would be called when someone logs out though.

    As far as the login attempts go, the data is retained curently, although I do intend to build in a flush option in the next release. The error you are getting is due to issues the plugin has with multisite installations, which is a known issue that will also be fixed in the next release.

    -Michael

    That sounds awesome! And flushing at the end of the night or after a day or two or having the option to set what we want would be amazing…

    Could I make one small request for a future version 🙂 Could the plugin email us after a set number of logouts has happened? So say 10 logouts happen in a row then I get an email of a potential brute force attack…

    Thanks so much!

    Plugin Author mvandemar

    (@mvandemar)

    I am guessing you mean login attempts, and not log outs, correct? Or did you mean lock outs, eg. failed attempts that result in a block?

    Either way, I do plan on incorporating options for emails of activity, although I am not sure yet how I am going to group the options or limit the emails to not trigger any issues with the hosts.

    -Michael

    Sorry haha yea… Wow don’t know why I wrote logout I mean lockout… so small yet so different 🙂

    So yes… It would be very cool if after 10 lockouts happen in a row of say in 10 minutes time it would email the admin of the site… If it continued happening the next 10 lockouts it would send a more urgent email “you are being attacked”…

    Maybe limiting the emailing in this way will keep resources low on the host… Another idea to keep resources low… Would it be possible to write the lockouts to a .log file rather than the database?

    I think it would be cool because it would give you the option of tailing it… might be very revealing while under attack… This would also help keep resources low as you are taking up space with lockouts in the database… Yea a lockout or two a day does not matter but if your legitimately attacked you could be hit by crazy amounts of IP’s causing your database connections to fill up just trying to write the lockouts… (I am still new so maybe its such small data thats not a issue) But I would think it could be depending on scale of attack…

    So on the 20th lockout (second set of 10) You maybe get your second “urgent you are under attack” email and it has a link to the log file to see what is going on…

    Maybe all this can be the pro-version 😉 I would happily pay or donate for these additional features…

    Thanks for all your time and hard work!

    David Sword

    (@davidsword)

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘Just notice error in nginx error log for multisite’ is closed to new replies.