dwinden
Forum Replies Created
No, only users that have the manage_options (manage_network_options in MultiSite) capability get access to the iTSec plugin admin interface.
The Author role by default does not have the required capability.
If the above info answers your question please mark this topic as ‘resolved’.
dwinden
Ok. I noticed the IP address 91.200.12.11 is not listed as banned in the .htaccess file. 7 other IP addresses are banned but not this one.
The 7 banned IPs are:
- 185.93.187.49
- 109.196.50.156
- 159.224.139.133
- 66.249.78.117
- 90.154.141.99
- 217.128.213.47
- 86.62.117.180
Please make sure:
– The Banned Users module is enabled.
– Ban Lists setting is enabled.
– Ban Hosts setting contains the IP addresses as listed above including 91.200.12.11.
– The content of the advanced Server Config Rules module matches the iTSec plugin entries in the .htaccess file.
– The Write to Files setting is enabled in the Global Settings module.
dwinden
Please post the content of the .htaccess file located in the site root folder. Don’t forget to obscure any sensitive info it may contain.
dwinden
The iTSec plugin Away Mode feature does not protect against automated brute force attacks.
Away Mode only redirects wp-login.php GET requests to the site homepage.
If the above info answers your question please mark this topic as ‘resolved’.
dwinden
Thank you for sharing that info.
You may be interested in reading this topic.
So no need to rename the .htaccess file.
As you are just sharing some useful info please mark this topic as ‘resolved’.
dwinden
Restore your site from a backup.
And next time open your own topic (unless you are getting the exact same message as the topic creator).
dwinden
Permanent IP bans are the result of temporary IP lockouts (default 3 for the same IP within 7 days).
Temporary IP lockouts are registered in the Logs page, as well as the invalid login attempts that cause the temporary IP lockout(s).
So even though the permanent ban itself is not logged you should be able to see the activity that led to the permanent IP ban.
If that info is missing in the logs then there might be something wrong.
Note IPs can also be added manually to the Banned Hosts list.
Note log records older than 2 weeks are automatically purged from the log.
Note all log records can also be purged manually.
dwinden
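The escalation rule described in the reply above (three temporary lockouts for one IP within seven days, with log records purged after two weeks), as an added example that is not part of the original reply or the plugin's own code. The log line layout, the sample records and the function names are constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Defaults quoted in the reply above. The record layout below is constructed
# for this example and is not the plugin's real log schema.
LOCKOUT_THRESHOLD = 3
WINDOW = timedelta(days=7)
RETENTION = timedelta(days=14)

# Constructed sample records: timestamp, IP (documentation ranges), event type.
SAMPLE_LOG = """\
2024-03-01T08:00:00 203.0.113.7 lockout
2024-03-03T09:30:00 203.0.113.7 lockout
2024-03-04T10:00:00 198.51.100.20 lockout
2024-03-06T11:15:00 203.0.113.7 lockout
2024-03-13T12:00:00 198.51.100.20 lockout
2024-03-14T12:00:00 198.51.100.20 lockout
"""

def parse(text):
    """Yield (timestamp, ip) for each temporary lockout record."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 3 and parts[2] == "lockout":
            yield datetime.fromisoformat(parts[0]), parts[1]

def expected_bans(text, now):
    """Map each IP to the lockouts that reached the threshold inside the window.

    Records older than the retention period are skipped, mirroring the purge,
    so a ban whose evidence has aged out of the log will not be reproduced.
    """
    recent = defaultdict(deque)
    bans = {}
    for ts, ip in sorted(parse(text)):
        if now - ts > RETENTION or ip in bans:
            continue
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > WINDOW:   # drop lockouts that fell out of the window
            q.popleft()
        if len(q) >= LOCKOUT_THRESHOLD:
            bans[ip] = list(q)
    return bans

if __name__ == "__main__":
    for ip, hits in expected_bans(SAMPLE_LOG, datetime(2024, 3, 15)).items():
        print(ip, "->", [h.isoformat() for h in hits])
```

Comparing this output with the Banned Hosts list separates bans the logs can explain from entries that were added manually or whose lockout records have already been purged.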
I get the impression that the link to ip-lookup.net/domain-lookup.php in the Banned Users section is intended to be used to look up the IP address belonging to a domain. Which is a bit different.
That said it does look like the same site could also be used to look up v4 or v6 IP addresses.
Perhaps an indication of the quality of iThemes support is that there is a very simple workaround to the issue as reported in this topic but iThemes is not providing it in their response.
Simply add a rewriterule to the .htaccess file which will redirect any traceip.net request to a substitute. Helps us out temporarily while it gives iThemes the time necessary to work out a solution.
Something iThemes is very good at though is making promises 😉
dwinden
Ok, one step at a time.
I think it is best to contact the hosting provider and mobilize them to look into this issue.
We know the iTSec plugin is able to write/update the .htaccess file on other envs. So it is unlikely that it is an iTSec plugin bug.
For some reason the iTSec plugin cannot write to the .htaccess file in this env.
So this must be related to something specific in this env (privileges?).
dwinden
@creativewebcreations and @john
Not entirely sure but most likely this is caused by scheduled database backups. If possible activate the iTSec plugin and then in the Database Backups module disable the Schedule Database Backups setting.
If the memory error prevents you from doing anything in the Dashboard there is the possibility to disable the Schedule Database Backups setting manually in the database. In order to access the database a tool like phpMyAdmin or likewise is required.
dwinden
If you do not require any further assistance please mark this topic as ‘resolved’.
dwinden
If the wp-content/uploads/ithemes-security/itsec_away.confg file exists, delete it.
The Away Mode feature redirects the login page to the site homepage.
dwinden