Support » Plugin: Login Security Solution » [Plugin: Login Security Solution] ip is incomplete

  • Resolved janmalagucute



    it seems my site is getting attacked. I am receiving email notification of failed attempt

    my problem is the IP is incomplete. It is missing the last octet and I can’t block the IP

    ====email copy=====
    Component Count Value from Current Attempt
    ———————— —– ——————————–
    Network IP 0 208.91.199
    Username 0 root
    Password MD5 0 4072f365e6d7673a1ea5478d49dfbe1e

    The Login Security Solution plugin for WordPress is repelling the attack by making their login failures take a very long time.
    the ip has 3 octet only. it should have 4 right?


Viewing 6 replies - 1 through 6 (of 6 total)
  • Plugin Author Daniel Convissor


    Hi Jan:

    That’s the network component of the IP address, which is what’s used for counting the failures. The full address is in the <prefix>login_security_solution_fail table.

    I’m curious, which version of the plugin were you using when that email was sent, please?





    I am using the latest version

    I went to the table and I saw the logs. I am curious why the suspected attacker is able to use my username even though i am using a username that is not common.

    in the table there are attempts of using usernames as root, admin, webmaster and suprisingly, it also have entries of failed attempt using my real username.

    Does it imply the attacker is somehow gaining access to some data?


    Plugin Author Daniel Convissor


    Hi Jan:

    By latest version, you mean 0.23.0? Hmm, and it’s still sending the emails with 0 counts. Alas.

    The failures with your user name could be due to auth cookies? Did you change your password? Are you using multiple browsers? Do the times match the times you were looking at the site.

    Or the attacker deduced your user name from the site name or the user name on your postings.




    Yes that is my version. But that log may have been log before i upgrade to latest version. I randomly choose it from the table.

    I changed my password because I was locked down. The log said there was a successful intrusion that is why the username password reset is required.
    When i check the logs, the IP of the alleged intruder was my IP.

    But the real suspected attacker IP has several logs using my real username.

    Yes I am using multiple browser to test my website.

    I am not posting using my wp owner/admin account

    By the way. I am starting to appreciate your plugin. it seems that there are many intrusion attempt I was missing before.


    Hi Dan and Jan,

    Thanks for the plugin. I experience the first attack today, with the version 0.34.0.
    I received a notice of attack, but without the last octet of the IP. Is it possible in a next release to show the full IP?

    Like Jan I was surprised my username had been found with no display in comments or elsewhere, and no obvious quoting in the site.

    It’s fairly easy to guess an administrator’s username.
    It’s usually the author name.
    Here are a couple of ways they can guess at it.

    Using their browser they could do the following (where is your domain).

    That above could reveal any posts that were created by any authors of the site.

    Or they could try this:

    and so on.

    More than likely a lower number is the username of an admin.

Viewing 6 replies - 1 through 6 (of 6 total)
  • The topic ‘[Plugin: Login Security Solution] ip is incomplete’ is closed to new replies.