• Resolved barnez

    (@pidengmor)


    Hi,

    I have login protection set to enable Captcha protection for 99 minutes if more than 3 posts are requested for login.php within 99 seconds. However, I am still seeing logs from the same IP within the same 99 second period. For example:

    12/May/21 12:40:37  #3020189  MEDIUM       -  85.101.99.112    POST /wp-login.php - Blocked access to the login page - [bot detection is enabled]
    12/May/21 12:41:38  #2697319  MEDIUM       -  85.101.99.112    POST /wp-login.php - Blocked access to the login page - [bot detection is enabled]
    12/May/21 12:42:39  #4832446  MEDIUM       -  85.101.99.112    POST /wp-login.php - Blocked access to the login page - [bot detection is enabled]
    12/May/21 12:43:40  #4670968  MEDIUM       -  85.101.99.112    POST /wp-login.php - Blocked access to the login page - [bot detection is enabled]
    12/May/21 12:44:41  #8878065  MEDIUM       -  85.101.99.112    POST /wp-login.php - Blocked access to the login page - [bot detection is enabled]
    12/May/21 12:45:42  #7444344  MEDIUM       -  85.101.99.112    POST /wp-login.php - Blocked access to the login page - [bot detection is enabled]
    12/May/21 12:46:43  #5711133  MEDIUM       -  85.101.99.112    POST /wp-login.php - Blocked access to the login page - [bot detection is enabled]
    12/May/21 12:47:44  #8007299  MEDIUM       -  85.101.99.112    POST /wp-login.php - Blocked access to the login page - [bot detection is enabled]
    12/May/21 12:48:45  #1003922  MEDIUM       -  85.101.99.112    POST /wp-login.php - Blocked access to the login page - [bot detection is enabled]
    12/May/21 12:49:46  #3337196  MEDIUM       -  85.101.99.112    POST /wp-login.php - Blocked access to the login page - [bot detection is enabled]
    12/May/21 12:50:47  #2873098  MEDIUM       -  85.101.99.112    POST /wp-login.php - Blocked access to the login page - [bot detection is enabled]

    Is there an automated way that Ninja Firewall can block such IP addresses for 99 minutes without manually entering the IP address in the .htninja file? Or is the only way to stop such requests to Always Enable captcha or username/password login protection?
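
Added example, not part of the original post and not NinjaFirewall code: a sliding-window count of blocked POSTs to /wp-login.php per IP, checked against the "more than 3 within 99 seconds" threshold quoted above. The log lines are constructed in the posted format with documentation-range IPs, and the window logic is an assumption, since the page does not show how NinjaFirewall itself counts requests.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample in the log format from the post (documentation-range IPs).
SAMPLE_LOG = """\
12/May/21 12:40:37  #1000001  MEDIUM  -  192.0.2.10    POST /wp-login.php - Blocked access to the login page - [bot detection is enabled]
12/May/21 12:41:38  #1000002  MEDIUM  -  192.0.2.10    POST /wp-login.php - Blocked access to the login page - [bot detection is enabled]
12/May/21 12:42:39  #1000003  MEDIUM  -  192.0.2.10    POST /wp-login.php - Blocked access to the login page - [bot detection is enabled]
12/May/21 12:43:40  #1000004  MEDIUM  -  192.0.2.10    POST /wp-login.php - Blocked access to the login page - [bot detection is enabled]
12/May/21 12:50:00  #1000005  MEDIUM  -  198.51.100.7  POST /wp-login.php - Blocked access to the login page - [bot detection is enabled]
12/May/21 12:50:05  #1000006  MEDIUM  -  198.51.100.7  POST /wp-login.php - Blocked access to the login page - [bot detection is enabled]
12/May/21 12:50:10  #1000007  MEDIUM  -  198.51.100.7  POST /wp-login.php - Blocked access to the login page - [bot detection is enabled]
12/May/21 12:50:15  #1000008  MEDIUM  -  198.51.100.7  POST /wp-login.php - Blocked access to the login page - [bot detection is enabled]
"""

# Fields: timestamp, #incident id, level, rule, client IP, method, path.
LINE_RE = re.compile(
    r"^(?P<ts>\d{2}/\w{3}/\d{2} \d{2}:\d{2}:\d{2})\s+#\d+\s+\w+\s+\S+\s+"
    r"(?P<ip>\S+)\s+(?P<method>[A-Z]+)\s+(?P<path>\S+)"
)

def peak_rate(log_text, window_s=99, path="/wp-login.php"):
    """Return {ip: most POSTs to `path` seen inside any `window_s`-second window}.

    Assumes the log is in chronological order, as in the posted excerpt.
    """
    recent = defaultdict(deque)   # per-IP timestamps still inside the window
    peak = defaultdict(int)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m["method"] != "POST" or m["path"] != path:
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%y %H:%M:%S")
        q = recent[m["ip"]]
        q.append(ts)
        # Drop requests that have aged out of the window ending at `ts`.
        while (ts - q[0]).total_seconds() >= window_s:
            q.popleft()
        peak[m["ip"]] = max(peak[m["ip"]], len(q))
    return dict(peak)

def over_threshold(log_text, max_posts=3, window_s=99):
    """IPs whose peak exceeds `max_posts`, i.e. 'more than 3 within 99 seconds'."""
    rates = peak_rate(log_text, window_s)
    return sorted(ip for ip, n in rates.items() if n > max_posts)
```

In this sample, the IP sending one request about every 61 seconds peaks at 2 per window, while the burst from the second IP reaches 4 and is the only one reported by `over_threshold`.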

Viewing 6 replies - 1 through 6 (of 6 total)
  • Plugin Author nintechnet

    (@nintechnet)

    The IP is blocked by the “Enable bot protection” option from the “Login Protection” section. It is not blocked by the login protection/captcha that you configured. The bot protection will be triggered first and will return a “404 Not Found” immediately and close the connection. The bot will not even see the login page.

    Thread Starter barnez

    (@pidengmor)

    Thanks for the response. That’s strange as I have Enable Bot Protection (https://snipboard.io/COZlmu.jpg), but I am still seeing the issue in the logs after hitting login.php (e.g. yesterday there were 27 blocked access logged from the same IP over a 2 hour period, and then another 30 from a different IP again over a 2 hour period). Here are the rest of the Login Protection settings: https://snipboard.io/NeCkU6.jpg

    Plugin Author nintechnet

    (@nintechnet)

    You would need to disable the “Enable bot protection” option if you want the IP to be caught by the login protection, because it blocks IP addresses just before the captcha/password protection.

    Thread Starter barnez

    (@pidengmor)

    Thanks for the clarification. As the bot protection fires before the login protection, maybe it would be an idea to either offer the user the option to enable bot protection OR login protection.

    Plugin Author nintechnet

    (@nintechnet)

    It’s not possible because the bot protection is part of the login protection, i.e., it relies on the same code and functions.
    You can only disable it while keeping the captcha/password protection enabled.

    Thread Starter barnez

    (@pidengmor)

    Understood. I have disabled the bot protection. Thanks for the insight.

  • The topic ‘Login protection: lock out troublesome IPs’ is closed to new replies.