Daniel Convissor
Forum Replies Created
-
Forum: Plugins
In reply to: [Login Security Solution] 3.1.4 CompatibilityIt won’t work. Sorry.
Forum: Plugins
In reply to: [Login Security Solution] Still can't get intoHi Dibbit:
The scenario you’re talking about only happens if the “attacker” is coming from the same IP address as you. This can happen for a few reasons:
* You’re the “attacker” (due to testing, forgetting your password, etc)
* Your web server is behind a proxy
* You’ve got malware on your computer
* You’re on some network (university, corporate, etc) that says you and the “attacker” are coming from the same IP. The “attacker” could be some other user(s) forgetting their passwords.The way to help figure out what’s happening is to examine the
<prefix>login_security_solution_failtable.–Dan
Hi:
The matching is based on partial IP’s, hence that’s what we report. To get full IP’s, take a look in the database at the
<prefix>login_security_solution_failtable.Blacklisting will not be added. Please see the FAQ about that.
Thanks,
–Dan
Hi E:
Thanks for the info! I installed jetpack. Doesn’t seem to be the problem. I added some extra log calls to possibly help sort out what’s going on. Can you please do the following:
* Download the main plugin file from GitHub (https://raw.github.com/convissor/login-security-solution/master/login-security-solution.php)
* Openlogin-security-solution.phpin your favorite text editor
* Go to thelog()function and change/var/log/to a path where your web server has the ability to write files.
* Remove the comments in front of thelog()calls (by doing a search and replace of###with nothing).
* Upload the file to my plugin’s directory in yourpluginsdirectory
* Use your site until it you replicate the behavior
* Send the output of file to me at danielc@analysisandsolutions.comThanks.
Hi Clive:
I just tested LSS out in a default WP 3.5 install. It works as expected for new accounts, requiring the strong passwords. I don’t know what’s happening on your setup. Perhaps the themes you’re using inappropriately processes the
user_profile_update_errorsaction. You’ll have to do some debugging to find out. Let me know what you find.Sorry for the delay in getting this back to you. Was busy with getting the plugin to check XML-RPC logins.
–Dan
Forum: Plugins
In reply to: [Login Security Solution] DOS attacksHi Frisco:
You’re right. Login Security Solution doesn’t handle DDOS attacks and can be used as a vector to implement such attacks.
Naturally, someone determined to DDOS a site will do it regardless of how many processes the server can run. The appropriate tools and procedures for dealing with them involve the server and networking layers.
–Dan
Forum: Plugins
In reply to: [Login Security Solution] LFD Alerts "Excessive processes running"Exactly. The script sleeps (so remains running) for up to 60 seconds.
Looks like you’ll need to tell those alerts to ignore wp-login.php.Dan: So glad you figured out what’s going on. Sad to see that simple bug fix has been lingering so long. –Dan
Hi:
I am trying to get you to search through your code base to find all declarations of the
wp_authenticatefunction. One ways is to read up on the web about how thefindcommand works. Another is to download the site’s files to your local mac and then usegrepthere.–Dan
Oh, on the computers that you’re having problems on, here are some questions:
* Does it happen only when you go to the login page, type in your user name and password then click “Log In?”
* Or is it that it happens just by viewing the login page?
* Does it happen when you access pages other than the login page?
* If either of those last two questions are true, what happens if you go into your web browser’s settings and delete the cookies for the site in question?Thanks,
–Dan
My sympathies for running on a Windows server. 🙂 Joking aside, the following should act similarly:
find 'function wp_authenticate(' wp-includes wp-contentI don’t have a windows box handy to test on, so you may need to tweak that a little.
Forum: Plugins
In reply to: [Login Security Solution] Brute Force Not Being Slowed?As mentioned in the description, the plugin tracks IP, user name and password. If any of those three match earlier failed logins, we slow them down.
Forum: Plugins
In reply to: [Login Security Solution] Excellent pluginYeah. I’m sure there are some crazy passwords being tried and it’d be funny to see them. 🙂
Hi Oudin:
The main “Description” page for Login Security Solution lays out what the plugin does and provides comparisons to other plugins. The pages for WP Login Security 2 and WP Login Security explain what they do.
If you have specific question, please reopen this thread to ask it.
Thanks,
–Dan
Forum: Plugins
In reply to: [Login Security Solution] Let users choose Own passwordClosing due to lack of feedback.