I don’t know. You’ll need to test it out. Report back!
Thread Starter
Mike
(@mgriffis)
Hi, Daniel.
It looks like LSS is not working when the Sucuri plugin is active.
Here’s what I tried:
1) reset all passwords. I was not logged out automatically, and I was not required to enter a new password when I logged out manually and tried to log in.
2) After trying to log in several times with invalid credentials, I checked the _login_security_solution_fail table in the database, and saw no new entries.
Not definitive, I know, but it looks like the Sucuri plugin is blocking yours from functioning.
That’s a shame. The overlap between these two plugins is very small. I really like the way LSS handles brute force attacks. The Sucuri plugin just reports, which isn’t all that valuable.
It’d be great if you could figure a work-around. I’d really like to use both.
Side Note: I see you’ve marked this thread as resolved … I’ll post this in a new thread in a day or two if I don’t see your response here.
Hi Mike:
Thanks for the report.
1) That’s expected. The person doing the reset is not forced to reset. You’ll need to test with another user.
2) There two scenarios where things are not logged. a) if the login_fail_minutes setting is set to 0, or b) if the IP/username/password combination is a duplicate of a hit within login_fail_minutes. Do either of these fit your test case?
You can uncomment the log lines (they’re preceded by ###) and run your tests again and examine the log file (/var/log/login-security-solution.log).
Closing for lack of reply.
