dwinden
Forum Replies Created
As this topic has been marked as ‘resolved’ please open a new topic.
Besides your issue (and the cause) is a bit different. Anyway open a new topic and I’ll post a response.
dwinden
When the iTSec plugin is installed\activated 2 WordPress cron tasks are created which run on a daily basis:
– itsec_purge_lockouts:
- deletes all records with a lockout expiry date older than 7 days (default value from the Blacklist Lookback Period setting) from the wp_itsec_lockouts table.
- deletes all records with a datestamp older than 1 day from the wp_itsec_temp table.
– itsec_purge_logs:
- deletes all records with a datestamp older than 14 days (default value from the Days to Keep Database Logs setting) from the wp_itsec_log table
Alternatively you can empty the wp_itsec_log table by clicking on the Clear Logs button at the bottom of the iTSec plugin Logs page.
If the above info answers your question please mark this topic as ‘resolved’.
dwinden
[ No bumping please. ]
Make sure the Write to Files setting in the Global Settings section of the iTSec Settings page is enabled.
Assuming you are using Apache as your Web Server the following lines should show up in the .htaccess file:
[ Moderator note: code fixed. Please wrap code in the backtick character or use the code button. ]
    # Ban Hosts - Security > Settings > Banned Users
    SetEnvIF REMOTE_ADDR "^91\.200\.[0-9]+\.[0-9]+$" DenyAccess
    SetEnvIF X-FORWARDED-FOR "^91\.200\.[0-9]+\.[0-9]+$" DenyAccess
    SetEnvIF X-CLUSTER-CLIENT-IP "^91\.200\.[0-9]+\.[0-9]+$" DenyAccess
    <IfModule mod_authz_core.c>
        <RequireAll>
            Require all granted
            Require not env DenyAccess
            Require not ip 91.200
        </RequireAll>
    </IfModule>
    <IfModule !mod_authz_core.c>
        Order allow,deny
        Allow from all
        Deny from env=DenyAccess
        Deny from 91.200
    </IfModule>
dwinden
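An added example, not part of the original post and not the plugin's own code: a Python sketch that rebuilds the SetEnvIF pattern shown above from a wildcard ban entry such as 91.200.*.* and checks which header values it would flag. The function names, the wildcard entry format and the sample values are assumptions made for illustration.

```python
import re

# Headers tested by the rules in the post above.
HEADERS = ("REMOTE_ADDR", "X-FORWARDED-FOR", "X-CLUSTER-CLIENT-IP")

def split_entry(entry):
    """Validate a ban entry like '91.200.*.*'; wildcards must be trailing."""
    octets = entry.split(".")
    if len(octets) != 4:
        raise ValueError("expected four dot-separated parts: %r" % entry)
    seen_wildcard = False
    for octet in octets:
        if octet == "*":
            seen_wildcard = True
        elif seen_wildcard or not octet.isdigit() or int(octet) > 255:
            raise ValueError("unsupported ban entry: %r" % entry)
    return octets

def wildcard_to_regex(entry):
    """'91.200.*.*' -> anchored pattern in the form used by the SetEnvIF lines."""
    parts = ["[0-9]+" if o == "*" else o for o in split_entry(entry)]
    return "^" + r"\.".join(parts) + "$"

def ip_prefix(entry):
    """Fixed leading octets, as used by 'Require not ip' and 'Deny from'."""
    return ".".join(o for o in split_entry(entry) if o != "*")

def setenvif_lines(entry):
    pattern = wildcard_to_regex(entry)
    return ['SetEnvIF %s "%s" DenyAccess' % (h, pattern) for h in HEADERS]

def sets_deny_access(entry, header_value):
    """True if the anchored pattern matches the complete header value."""
    return re.search(wildcard_to_regex(entry), header_value) is not None

# Constructed sample values (203.0.113.7 is a documentation address).
SAMPLES = [
    "91.200.12.34",               # inside the banned range
    "191.200.12.34",              # '^' anchor: no partial match on the prefix
    "91.20.12.34",                # different second octet
    "203.0.113.7, 91.200.12.34",  # proxy chain: compared as one whole string
]

if __name__ == "__main__":
    for line in setenvif_lines("91.200.*.*"):
        print(line)
    print("Require not ip " + ip_prefix("91.200.*.*"))
    for value in SAMPLES:
        print("%-28s -> %s" % (value, sets_deny_access("91.200.*.*", value)))
```

Because the pattern is anchored at both ends, a forwarded header that carries more than one address is not matched by the SetEnvIF lines; in that case only the `Require not ip` / `Deny from` rule on the connecting address applies.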
As your question seems to be answered please mark this topic as ‘resolved’.
dwinden
[ No bumping please. ]
Interesting case.
I’ve seen this happening in the past when using (or attempting to use) an iTSec plugin translation. But it looks like neither of you is even running WordPress in a (non English) local language. If this issue started after recently upgrading to 5.2.0 and\or 5.2.1 you could try and downgrade to the 5.1.1 release.
This way the Security Status section on the plugin Dashboard screen would also be available again.
dwinden
[ No bumping please. ]
Is this happening while using the latest iTSec plugin release (5.2.1) ?
And are you NOT running WordPress in the default English (United-States) language ?
dwinden
– Google : user enumeration wordpress
– This question is already answered in my previous post. If you solve the root cause of your issue there is no need to change any default setting value.
dwinden
Change the following line:
RewriteCond %{HTTP_USER_AGENT} "^$" [NC,OR]
to:
# RewriteCond %{HTTP_USER_AGENT} "^$" [NC,OR]
If that does not help try disabling the WordPress Tweaks Comment Spam setting (Note in the .htaccess file it’s incorrectly listed as a System Tweaks setting -> bug).
If the above info helps you solve the issue please mark this topic as ‘resolved’.
dwinden
Increasing the “Minutes to Remember Bad Login (check period)” setting’s value also increases the risk for false positives.
Basically locking out (and ultimately banning) legit IPs that accidentally enter a wrong password and thus trigger invalid login attempts. You don’t want that … It’s also a nice example of fighting against symptoms but not really solving the underlying problem. A cure that is possibly worse than the disease …
The real problem is that your website is leaking user\account names.
And these are being used in a brute force attack.
Solve that and there will be no more symptoms like reported in this topic to fight. Any WordPress environment will leak user\account names if not properly set up. Since ALL your user\account names are already out in the open you will need to remove all of them and create new users\accounts. Also choose user names that are not easy to guess (so not like: alice).
And you need to do so AFTER making sure that the Force Unique Nickname and Disable Extra User Archives settings in the WordPress Tweaks section of the iTSec plugin Settings page are enabled.
Without your website exposing user names hackers/botnets will find your website a lot less interesting for brute force attacks.
Addendum: I forgot something in my initial post.
Enabling the Hide Backend feature and disabling XMLRPC (if possible) will also prevent many automated brute force attacks.
dwinden
There is an alternative workaround described in this topic.
If your feature request already exists on Trello upvote it here.
In case your feature request does not yet exist on Trello it would be better to submit it directly to iThemes.
As stated in the readme.txt iThemes does not regularly check this forum.
dwinden
[ No bumping please. ]
Ok, so just to clarify this is a user lockout issue.
Is this happening while using the latest iTSec plugin release (5.2.1) ?
The user\account roland actually exists, right ? Last but not least what is the url of the website ?
Don’t worry, I mean no harm to your website. I just need to check something before I can give you my final verdict.
dwinden
On Feb 11th 2016 (last Thursday) iThemes released iTSec Pro 2.2.2 which includes IPv6 support.
New Feature: Added support for IPv6 addresses. This includes support for IPv6 in lockouts, ban hosts, and white lists.
So I guess an iTSec plugin release will follow shortly here on WordPress.org …
dwinden
If deactivating the iTSec plugin does not allow you to access the WP Dashboard login screen while using the default WP login slugs (wp-admin, admin, dashboard, login, wp-login.php) then this is not an iTSec plugin issue.
If the content of the wp-content/plugins/better-wp-security/better-wp-security.php file reports version 4.6.2 then you are using a very old iTSec plugin release. There have been 15 new releases since …
Assuming you are running the latest WP 4.4.2 release I strongly recommend to update to the iTSec plugin 5.1.1 release as soon as you are able to login again.
Note there are 2 newer releases, 5.2.0 and 5.2.1, but as these introduced many new bugs as well as removed the Security Status feature from the iTSec plugin Dashboard page it’s better to stick to the 5.1.1 release for now.
dwinden
There seems to be a Multi Site specific bug with Malware Scan.
And the Malware Scan logs page link in Multi Site returns the following message :
You do not have sufficient permissions to access this page.
dwinden