peterdog
Forum Replies Created
-
Forum: Reviews
In reply to: [Stealth Login Page] great solution to april 2013 botnet attacksThanks for the review!
I do recommend still using Limit Login Attempts along with it because there is a way to bypass the login page entirely and I have yet to find a plugin that closes that hole, but I am ACTIVELY looking for a way to do just that.
If you can get to the login page, then this has nothing to do with my plugin… this is not a plugin support topic. If you’d like WP support to see what is wrong with your install or host, my hourly rate is $350, but you’d be best to get managed hosting like WP Engine. I host over 50 sites on WPE and have not had a single incident of trouble from the global attacks.
Forum: Plugins
In reply to: [Stealth Login Page] Forwarding in plugin's settings doesn't workI’ll have to ask a fellow dev if he knows of a reason it’s not seeming to be activated across the network. It wasn’t intended for MU, but I didn’t see any reason while coding it why it wouldn’t work.
Sandy, please e-mail me via my contact form for this one – I’ve got a suspicion of what’s going on and don’t want it on open channels.
Forum: Plugins
In reply to: [Stealth Login Page] WooCommerce, s2member & other pluginsI have it running just fine on a WooCommerce site – the login slug is /login and the page comes up as it should, but they do get forwarded to the redirect site upon login – that might be a setting I have in WooCommerce that I need to change, though.
So long as they are not trying to access the wp-admin or wp-login.php page forms, everything else will run fine until something tries to redirect them to a core login form while logged out.
Forum: Reviews
In reply to: [Stealth Login Page] A Must Have for Better SecurityThanks, Bruce. I’m glad you’re finding it useful.
Forum: Plugins
In reply to: [Stealth Login Page] Help Help!!!I will edit the form to avoid this situation as soon as I can, but it is the first time in 2,000 installs, so it’s not an emergency. I suggest disabling it until I do my release later this week.
Forum: Plugins
In reply to: [Stealth Login Page] Help Help!!!Log into FTP and disable the plugin by renaming the folder per the FAQ.
Forum: Plugins
In reply to: [Stealth Login Page] Settings page does not existNo resolution needed – you simply have not looked for the settings page in the usualy place: outside of the Plugins page.
It is under Settings – Stealth Login Page – like most plugins that have settings pages.
Forum: Plugins
In reply to: [Stealth Login Page] Did not helpIt’s my pleasure. I’m a stickler for security and wanted to share this beyond my own clients who are on my host.
I will be working with some other developers to see if there is a way to kill that method entirely. Then it will be an ultimate security method.
Forum: Plugins
In reply to: [Stealth Login Page] Did not helpBrandon Kraft and I figured it out. It would appear that bots can attempt to POST the login form credentials via the address bar, never actually gaining access to the login page.
This illustrates that it is still important to have a strong login and to continue to use login limiting plugins, so Stealth Login Page is one of a 3-prong approach.
Forum: Plugins
In reply to: [Stealth Login Page] Did not helpHere are two of mine and they don’t make sense yet. I am investigating it with my fellow developers whom I trust to dig in with me.
88.230.88.135 http://www.petersenmediagroup.com – [11/Apr/2013:21:44:55 +0000] “POST /wp-login.php HTTP/1.1” 302 3889 “-” “Mozilla/5.0 (Windows; U; Windows NT 5.1; tr; rv:1.9.2.10) Gecko/20100914 Firefox/3.6.10 ( .NET CLR 3.5.30729; .NET4.0E)”
88.230.88.135 http://www.petersenmediagroup.com – [11/Apr/2013:21:44:56 +0000] “POST /wp-login.php HTTP/1.1” 302 3889 “-” “Mozilla/5.0 (Windows; U; Windows NT 5.1; tr; rv:1.9.2.10) Gecko/20100914 Firefox/3.6.10 ( .NET CLR 3.5.30729; .NET4.0E)”
88.230.88.135 http://www.petersenmediagroup.com – [11/Apr/2013:22:21:01 +0000] “POST /wp-login.php HTTP/1.1” 302 3888 “-” “Mozilla/5.0 (Windows; U; Windows NT 5.1; tr; rv:1.9.2.10) Gecko/20100914 Firefox/3.6.10 ( .NET CLR 3.5.30729; .NET4.0E)”
88.230.88.135 http://www.petersenmediagroup.com – [11/Apr/2013:22:21:01 +0000] “POST /wp-login.php HTTP/1.1” 302 3938 “-” “Mozilla/5.0 (Windows; U; Windows NT 5.1; tr; rv:1.9.2.10) Gecko/20100914 Firefox/3.6.10 ( .NET CLR 3.5.30729; .NET4.0E)”——
76.253.78.54 http://www.petersenmediagroup.com – [12/Apr/2013:02:51:53 +0000] “GET / HTTP/1.1” 200 5675 “https://www.google.com/” “Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/26.0.1410.43 Safari/537.31”
76.253.78.54 http://www.petersenmediagroup.com – [12/Apr/2013:02:51:53 +0000] “GET / HTTP/1.1” 200 5675 “http://www.petersenmediagroup.com/” “Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/26.0.1410.43 Safari/537.31”
76.253.78.54 http://www.petersenmediagroup.com – [12/Apr/2013:02:51:53 +0000] “GET /wp-content/themes/minimum/images/logo-image.png HTTP/1.1” 200 3418 “http://www.petersenmediagroup.com/” “Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/26.0.1410.43 Safari/537.31”
76.253.78.54 http://www.petersenmediagroup.com – [12/Apr/2013:02:51:57 +0000] “GET /wp-admin HTTP/1.1” 301 251 “-” “Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/26.0.1410.43 Safari/537.31”
76.253.78.54 http://www.petersenmediagroup.com – [12/Apr/2013:02:51:57 +0000] “GET /wp-admin/ HTTP/1.1” 302 0 “-” “Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/26.0.1410.43 Safari/537.31”
76.253.78.54 http://www.petersenmediagroup.com – [12/Apr/2013:02:51:57 +0000] “GET /wp-login.php?redirect_to=http%3A%2F%2Fwww.petersenmediagroup.com%2Fwp-admin%2F&reauth=1 HTTP/1.1” 302 3026 “-” “Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/26.0.1410.43 Safari/537.31”
76.253.78.54 http://www.petersenmediagroup.com – [12/Apr/2013:02:52:01 +0000] “GET / HTTP/1.1” 200 5675 “https://www.google.com/” “Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/26.0.1410.43 Safari/537.31”
76.253.78.54 http://www.petersenmediagroup.com – [12/Apr/2013:02:52:02 +0000] “GET / HTTP/1.1” 200 5675 “http://www.petersenmediagroup.com/” “Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/26.0.1410.43 Safari/537.31”
76.253.78.54 http://www.petersenmediagroup.com – [12/Apr/2013:02:52:22 +0000] “POST /wp-login.php HTTP/1.1” 302 1576 “http://brokencatholic.com/wp-login.php?redirect_to=http%3A%2F%2Fbrokencatholic.com%2Fwp-admin%2F&reauth=1” “Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/26.0.1410.43 Safari/537.31”
76.253.78.54 http://www.petersenmediagroup.com – [12/Apr/2013:02:52:43 +0000] “POST /wp-login.php HTTP/1.1” 302 1576 “http://brokencatholic.com/wp-login.php?redirect_to=http%3A%2F%2Fbrokencatholic.com%2Fwp-admin%2F&reauth=1” “Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/26.0.1410.43 Safari/537.31”
76.253.78.54 http://www.petersenmediagroup.com – [12/Apr/2013:02:53:02 +0000] “POST /wp-login.php HTTP/1.1” 302 1575 “http://brokencatholic.com/wp-login.php?redirect_to=http%3A%2F%2Fbrokencatholic.com%2Fwp-admin%2F&reauth=1” “Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/26.0.1410.43 Safari/537.31”
76.253.78.54 http://www.petersenmediagroup.com – [12/Apr/2013:02:54:36 +0000] “POST /wp-login.php HTTP/1.1” 302 1600 “http://brokencatholic.com/wp-login.php?redirect_to=http%3A%2F%2Fbrokencatholic.com%2Fwp-admin%2F&reauth=1” “Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/26.0.1410.43 Safari/537.31”
76.253.78.54 http://www.petersenmediagroup.com – [12/Apr/2013:02:55:13 +0000] “POST /wp-login.php HTTP/1.1” 302 1578 “http://brokencatholic.com/wp-login.php?redirect_to=http%3A%2F%2Fbrokencatholic.com%2Fwp-admin%2F&reauth=1” “Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/26.0.1410.43 Safari/537.31”Thank you. I’ll mark this as resolved. You have a great weekend, now, sir.
Forum: Reviews
In reply to: [Stealth Login Page] Would be great if…Thank you. I’m going to work as hard as I can with my skills and friends on Git to try to edit the admin bar or see what is going one. One developer friend and I are both seeing (very few) lockouts with Limit Login Attempts in the past 2 hours – it may be related to the brute force attack going on now.
4 stars is reasonable for what you’re experiencing and I will work towards changing that one more time for you. 😉
Forum: Plugins
In reply to: [Stealth Login Page] Did not helpEveryone please look at your server logs. Line up the IP addresses of those offenders and see what paths they used. If they are already IP-logged from before, it’s possible that the plugin is kicking them out before my plugin.
I’m using this on sites with both of the login attempt plugins I mentioned with just 1 lockout today on my most-visited site for attempting “admin.” I will check my logs if you check your logs.