Forum Replies Created

Viewing 15 replies - 1 through 15 (of 32 total)
  • WebBadAss

    (@webbadass)

    I still haven’t found the plugin I was looking for – Might have to try a paid one for a month (Any suggestions). Also – Is there a recommended forum area for folks to use to ask for suggestions or ideas for plugins and solutions?

    Thanks!

    WebBadAss

    (@webbadass)

    Pascal, thanks a lot for following up on this with me… I think you are right that maybe allowing xfinity is impractical… Hrmmm. This is getting a little more complicated than i want it to be… I think i will block the whole planet including the US from accessing the backend and see if my whitelisted ip still lets me in there… If it changes from Xfinity i can ftp in and delete the plugin so allow myself access. How is that for clever!

    SIMPLY PUT, the bottom line is that no one should be able to have their login attempts be ALLOWED except those IP’s i say. AS IN the end result should be BOTH that they have been prevented from trying AND that i dont get an alert that someone tried to log in.

    Why do I want this pair of result? Again simply put, so my customer who keeps getting alerts that someone tried to log in will shut the hell up.

    I dont mind the daily failure notices but my customer cannot get over it and WONT let me just remove his address from the alerts setup… Grrr…

    Thanks again!

    WebBadAss

    (@webbadass)

    How would I do that? Block out the whole planet but myself? Remove the US as well from the blocked country list? Wont that block me out regardless of the white list?

    https://www.dropbox.com/s/lldwyt374kf46wx/Screenshot%202018-11-21%2021.47.19.png?dl=0

    Any suggestions where I would look for the Xfinity IP Range?

    Thanks again!

    Oops sorry, I didnt see that.. I was able to download and then email that file no problem. I even made a new pdf out of it which reoriented the images, but still sent. Are you trying to email the file or just upload it online?

    Just for my information – did you try it with 8000000 or 8mb in the form?

    Clay

    Still having trouble with this? I just spent the weekend figuring it out – ok an HOUR, but it was ON the weekend… Everything i could find for cpanel, php.ini, dunctions.php. .htaccess, blah, blah, blah… It is JUST the contact form 7.

    To see if it is true for you too, go to Media > add new and if the limit on the bottom of that screen is about as high as you want it – add the largest tile allowed. In my case I added a 5 megapop file and uploaded fine. Its got to be the CF7 setup as the WP and cPanel allow an admin upload…

    On closer inspection I see that my contact form 7 wants me to input the file size as bytes – so if I want to allow 8 megapops (bytes, not kilo or mega or abbreviations) I have to put in a number reflecting bytes – as in type out 8 million as a number –  [file* your-resume limit:8000000]
    Screen Shot…

    Nothin? C’mon you gotta have something for me… Anyone? Bueller?

    Had the same problem with a move today and it bugged the hell out of me – this fixed it for me…

    You can manually update/change the “uploads” folder instead of defaults:

    1. Sign in your WordPress admin Panel.
    2. Go to Media Settings menu (Settings =>> Media).
    3. Find the “Store uploads in this folder” text box and either remove the specified path, leave it blank, for WordPress to use the default path of wp-content/uploads – OR – put in the path to your uploads folder .
    4. Click on the “Save Changes” button to save the changes and you are done.

    Had the same problem with a move today and it bugged the hell out of me – this fixed it for me…

    You can manually update/change the “uploads” folder instead of defaults:

    1. Sign in your WordPress admin Panel.
    2. Go to Media Settings menu (Settings =>> Media).
    3. Find the “Store uploads in this folder” text box and either remove the specified path, leave it blank, for WordPress to use the default path of wp-content/uploads – OR – put in the path to your uploads folder .
    4. Click on the “Save Changes” button to save the changes and you are done.

    Still no joy after my ISP looked it over… Anyone?

    rubjm9 – forget trying to tweak the wordfence – that is what i did – instead use the wordfence preconfigured security levels – change the security lebel to “Level 4: Lockdown. Protect the site against an attack in progress at the cost of inconveniencing some users” and it will shut them down and stop peppering you with alerts…

    See attached image if you cant find the option I mean…

    Lebel 4 selected screen grab

    Ok. Sorted. I have had wordfence installed for a while and been tweaking settings and such to hopefully lock my assailants out to no avail. And then i remembered – I am an idiot. Dunno how i could have forgot that… Anyways – i look at the preset levels of security and there is a “HIGHEST LEVEL – site under attack. Lock Down site at the expense of inconveniencing some users”.

    Lo and behold – no more alerts, no more locking out users forever or checking ip rages to lock out. Boop. done.

    Thanks for the help ya’ll!

    OK. So now another site on another server is being hit with empty login requests – Does anyone really know what the point of these attacks are? The only thing i can come up with is DOS because considering they are not using a login name, how could trying multiple passwords possibly help them get in? grrr.

    They been probing the ‘ ‘ login for 24 hour now and aint getting in that way. Which begs the question is there some way to get in if you DONT use a user name? And if there is – How many times do you have to try it before you are convinced its not gonna work?

    Thanks catacaustic – that is the conclusion i kind of came to as well but what i want to know is what the hell is the point of a login attack with no login name? Its not intense enough to shut the site down. I mean what is the end result? The point? It just seems to create alert emails? Or a distraction for another attack?

    Thanks again songdogtech. Do you really think this is a host issue? I mean – what can they do if its coming in from worldwide?

    Wont denying all prevent any all all forms from working for any user – not just the login? Have a look around at the site at issue… http://www.preachin.org

Viewing 15 replies - 1 through 15 (of 32 total)