Login Security Solution
[resolved] ip is incomplete (7 posts)

  1. janmalagucute
    Posted 3 years ago #


    it seems my site is getting attacked. I am receiving email notification of failed attempt

    my problem is the IP is incomplete. It is missing the last octet and I can't block the IP

    ====email copy=====
    Component Count Value from Current Attempt
    ------------------------ ----- --------------------------------
    Network IP 0 208.91.199
    Username 0 root
    Password MD5 0 4072f365e6d7673a1ea5478d49dfbe1e

    The Login Security Solution plugin for WordPress is repelling the attack by making their login failures take a very long time.
    the ip has 3 octet only. it should have 4 right?



  2. Daniel Convissor
    Plugin Author

    Posted 3 years ago #

    Hi Jan:

    That's the network component of the IP address, which is what's used for counting the failures. The full address is in the <prefix>login_security_solution_fail table.

    I'm curious, which version of the plugin were you using when that email was sent, please?



  3. janmalagucute
    Posted 3 years ago #

    I am using the latest version

    I went to the table and I saw the logs. I am curious why the suspected attacker is able to use my username even though i am using a username that is not common.

    in the table there are attempts of using usernames as root, admin, webmaster and suprisingly, it also have entries of failed attempt using my real username.

    Does it imply the attacker is somehow gaining access to some data?


  4. Daniel Convissor
    Plugin Author

    Posted 3 years ago #

    Hi Jan:

    By latest version, you mean 0.23.0? Hmm, and it's still sending the emails with 0 counts. Alas.

    The failures with your user name could be due to auth cookies? Did you change your password? Are you using multiple browsers? Do the times match the times you were looking at the site.

    Or the attacker deduced your user name from the site name or the user name on your postings.


  5. janmalagucute
    Posted 3 years ago #

    Yes that is my version. But that log may have been log before i upgrade to latest version. I randomly choose it from the table.

    I changed my password because I was locked down. The log said there was a successful intrusion that is why the username password reset is required.
    When i check the logs, the IP of the alleged intruder was my IP.

    But the real suspected attacker IP has several logs using my real username.

    Yes I am using multiple browser to test my website.

    I am not posting using my wp owner/admin account

    By the way. I am starting to appreciate your plugin. it seems that there are many intrusion attempt I was missing before.


  6. jbd7
    Posted 3 years ago #

    Hi Dan and Jan,

    Thanks for the plugin. I experience the first attack today, with the version 0.34.0.
    I received a notice of attack, but without the last octet of the IP. Is it possible in a next release to show the full IP?

    Like Jan I was surprised my username had been found with no display in comments or elsewhere, and no obvious quoting in the site.

  7. MickeyRoush
    Posted 3 years ago #

    It's fairly easy to guess an administrator's username.
    It's usually the author name.
    Here are a couple of ways they can guess at it.

    Using their browser they could do the following (where example.com is your domain).


    That above could reveal any posts that were created by any authors of the site.

    Or they could try this:


    and so on.

    More than likely a lower number is the username of an admin.

Topic Closed

This topic has been closed to new replies.

About this Plugin

  • Login Security Solution
  • Frequently Asked Questions
  • Support Threads
  • Reviews

About this Topic


No tags yet.