False Positive Mails??

Hi,

We receive many alert mails from our Sucuri installation with warnings that somebody tries to login into our blog. (Just today about 30 – 50)
The strange thing is, that we removed the wp-login.php at all and checking the web server logs doesn’t reflect these attempts to login.

The explanation and suggested solutions doesn’t work for us. Either disabling alerts or to buy the website-firewall.

Could you explain how sucuri detects login attempts that doesn’t appear in the web server log files nor without an wp-login.php?

This is one example alert mail:
———————–
INFORMATION:
Website: OurDomain.de
IP Address: 34.204.53.45
Date/Time: 07/09/2017 15:17
MESSAGE:
User authentication failed: admin

Explanation: Someone failed to login to your site. If you are getting too many of these messages, it is likely your site is under a password guessing brute-force attack [1]. You can disable the failed login alerts from here [2]. Alternatively, you can consider to install a firewall between your website and your visitors to filter out these and other attacks, take a look at Sucuri Firewall [3].

[1] https://kb.sucuri.net/definitions/attacks/brute-force/password-guessing
[2] https://OurDomain.de/wp-admin/admin.php?page=sucuriscan_settings
[3] https://sucuri.net/website-firewall/

Details the plugin readme.txt:
=== Sucuri Security – Auditing, Malware Scanner and Security Hardening ===
Stable tag: 1.8.11

• This topic was modified 8 years, 9 months ago by derkaan.
• This topic was modified 8 years, 9 months ago by derkaan.