WordPress.org

Support

Support » Plugins and Hacks » Blue Captcha » New brute force login attach bypassing Blue Captcha

New brute force login attach bypassing Blue Captcha

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Author jotis

    @jotis

    Hello.

    This is really weird. Blue Captcha has strong hooks on login page and it’s very difficult to bypass it.
    Does this happen to all new brute force attacks?

    Do you use extra plugins for login (like sidebar login, for example)?
    Did you install any new plugins lately?

    It would be useful to check raw access logs on your cpanel
    to see the raw links the attacker(s) used to login.

    For instance, do they look like:

    http://domain.com/wpsite/wp-login.php

    ???

    By the way, the logs from “Limit Login Attempts” (as shown in https://docs.google.com/file/d/0B78_0tA4WOnIMUx1TWFpWG9iU0U/edit ) don’t list any other details (like date & time)? Are you sure that those attempts are not recorded in Blue Captcha logs in older dates?

    If you don’t want to share “sensitive” information here, please contact through:

    http://mybluestuff.blogspot.gr/p/contact.html

    Hi Jotis,

    Thanks for the quick reply. All good questions.

    Does this happen to all new brute force attacks?

    No, this just started happening. No changes to the WP install were made or new plugin installed when this started happening. I was on a previous version of WP 3.9.0 when it started but upgraded to see if it was something with the WP version. It clearly didn’t stop after the upgrade to WP.

    Do you use extra plugins for login (like sidebar login, for example)?

    The only plugin I use are BC and Limit Login Attempts.

    Did you install any new plugins lately?

    I did upgrade one plugin but it wasn’t security related. I think it was Simple Backup. No new plugins where installed

    Are you sure that those attempts are not recorded in Blue Captcha logs in older dates?

    I checked the entire BC logs and none of the IPs from the Limit Login Attempts log appear in the BC log.

    Thanks! I’ll send you a message with some more information.

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘New brute force login attach bypassing Blue Captcha’ is closed to new replies.
Skip to toolbar