WordPress.org

New brute force login attack bypassing Blue Captcha (3 posts)

  1. Exploreguy
    Member
    Posted 11 months ago #

    Hello,

    I'm experiencing a brute force attack on my server. I have Blue Captcha and Limit Login Attempts installed. Until recently, Blue Captcha has been the first line of defense and has done an excellent job of preventing bots from making reoccurring login attempts, and has worked very successfully to prevent them from triggering the Limit Login Attempts plugin and logging methods.

    However, now I'm seeing persistent and reoccurring login attempts from random IP addresses bypassing Blue Captcha and hitting the Limit Login Attempts plugin. These bots are not leaving any trace records in Blue Captcha but go directly to hitting the Limit Login Attempts plugin.

    I'm attaching links to two screenshots which I've just taken today to show what is occurring.

    https://drive.google.com/file/d/0B78_0tA4WOnIWXJTQ1NONFNwdWM/edit?usp=sharing

    https://drive.google.com/file/d/0B78_0tA4WOnIMUx1TWFpWG9iU0U/edit?usp=sharing

    Any suggestions to help stop this would be very useful.

    Thanks!

    https://wordpress.org/plugins/blue-captcha/

  2. jotis
    Member
    Plugin Author

    Posted 11 months ago #

    Hello.

    This is really weird. Blue Captcha has strong hooks on the login page and it's very difficult to bypass it.
    Does this happen to all new brute force attacks?

    Do you use extra plugins for login (like sidebar login, for example)?
    Did you install any new plugins lately?

    It would be useful to check the raw access logs on your cPanel to see the raw links the attacker(s) used to log in.

    For instance, do they look like:

    http://domain.com/wpsite/wp-login.php

    ???

    By the way, the logs from "Limit Login Attempts" (as shown in https://docs.google.com/file/d/0B78_0tA4WOnIMUx1TWFpWG9iU0U/edit ) don't list any other details (like date & time)? Are you sure that those attempts are not recorded in Blue Captcha logs in older dates?

    If you don't want to share "sensitive" information here, please contact me through:

    http://mybluestuff.blogspot.gr/p/contact.html
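
One way to run the raw access log check suggested in the reply above, as an added example that is not part of the original thread or of either plugin. It assumes Apache "combined" log lines; the sample lines, IP addresses, the second path and the function names are all constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Assumption: Apache "combined" format, the usual layout of cPanel raw access logs.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" \d{3} \S+'
)

# Constructed sample data: documentation IP ranges and a placeholder second path.
SAMPLE_LOG = [
    '203.0.113.10 - - [01/Jan/2014:10:01:02 +0000] "POST /wpsite/wp-login.php HTTP/1.1" 200 3120 "-" "Mozilla/5.0"',
    '203.0.113.10 - - [01/Jan/2014:10:01:05 +0000] "POST /wpsite/wp-login.php HTTP/1.1" 200 3120 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [01/Jan/2014:10:02:11 +0000] "POST /wpsite/some-other-entry.php HTTP/1.0" 200 403 "-" "-"',
    '198.51.100.7 - - [01/Jan/2014:10:02:12 +0000] "POST /wpsite/some-other-entry.php HTTP/1.0" 200 403 "-" "-"',
    '198.51.100.7 - - [01/Jan/2014:10:02:13 +0000] "POST /wpsite/some-other-entry.php?x=1 HTTP/1.0" 200 403 "-" "-"',
    '192.0.2.55 - - [01/Jan/2014:10:03:00 +0000] "GET /wpsite/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
]
# IPs copied by hand from the Limit Login Attempts lockout list (constructed here).
LOCKED_OUT = {"203.0.113.10", "198.51.100.7"}


def post_targets_by_ip(log_lines, locked_out_ips):
    """Count, per locked-out IP, which paths received its POST requests."""
    hits = defaultdict(Counter)
    for line in log_lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST" or m["ip"] not in locked_out_ips:
            continue
        hits[m["ip"]][m["target"].split("?", 1)[0]] += 1  # drop query string
    return hits


def posts_outside_login(hits, login_path):
    """Keep only POSTs that went somewhere other than the login page."""
    result = {}
    for ip, paths in hits.items():
        other = {p: n for p, n in paths.items() if p != login_path}
        if other:
            result[ip] = other
    return result


if __name__ == "__main__":
    hits = post_targets_by_ip(SAMPLE_LOG, LOCKED_OUT)
    for ip, paths in sorted(hits.items()):
        for path, n in paths.most_common():
            print(f"{ip}  {n:>4}  POST {path}")
    print("outside login page:", posts_outside_login(hits, "/wpsite/wp-login.php"))
```

Any IP that appears in the second result reached the site's authentication through a URL other than the login form, which is the case the question "do they look like .../wp-login.php" is trying to rule in or out.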

  3. Exploreguy
    Member
    Posted 11 months ago #

    Hi Jotis,

    Thanks for the quick reply. All good questions.

    Does this happen to all new brute force attacks?

    No, this just started happening. No changes to the WP install were made or new plugin installed when this started happening. I was on a previous version of WP 3.9.0 when it started but upgraded to see if it was something with the WP version. It clearly didn't stop after the upgrade to WP.

    Do you use extra plugins for login (like sidebar login, for example)?

    The only plugins I use are BC and Limit Login Attempts.

    Did you install any new plugins lately?

    I did upgrade one plugin but it wasn't security related. I think it was Simple Backup. No new plugins were installed.

    Are you sure that those attempts are not recorded in Blue Captcha logs in older dates?

    I checked the entire BC logs and none of the IPs from the Limit Login Attempts log appear in the BC log.

    Thanks! I'll send you a message with some more information.
