• Resolved goddin

    (@goddin)


    I am having an issue with AIOSecurity re brute force attacks on my site. They occur daily, which I’m told is not unusual, but I have the setting to lock out an IP address after 3 failed attempts within 5 minutes and this is not happening. The audit log shows the same IP address being used for roughly 50 login attempts, then another IP is used for another 50 or so attempts and these IP addresses are not being locked out. There’s nothing in my log about lockouts occurring. These attempts all have the same time stamp, meaning apparently 50 attempts is performed by a bot in one minute. I am blacklisting the IP addresses after the fact but I’m now unsure the plugin is working at all. I also have the setting turned on to instantly lockout use of specific usernames (admin for instance) yet this policy isn’t working either. My log shows 50 attempts from the same IP (not mine which is whitelisted) with the user name admin.

    How can I troubleshoot this issue? I don’t use any other security plugins. I’m on a Litespeed sever and use that plugin, and i use AIOSEO plugin, those are the ones i assume might be conflicting. My site is a multisite. The site in question is my main site.

    I’m also annoyed that the speedometer graphic shows my site is green but if it’s just measuring plugin settings that are turned on versus functioning as intended then it’s a misleading indicator.

    The page I need help with: [log in to see the link]

Viewing 1 replies (of 1 total)
  • Plugin Support hjogiupdraftplus

    (@hjogiupdraftplus)

    Hi @goddin

    WP security > Dashboard > Audit logs – Failed login type event filter or search with that IP will show all failed login attempt of that IPs.

    Can you share the stacktrace ( audit log record have a link that opens popup and shows backtrace log of the files executed) for one such attempt using https://pastebin.com/ use burn after read option so can be read only once.

    I will cross check but if you have added the IP to Blacklist from WP Security > Firewall > Black list it should block that IP.

    You said My log shows 50 attempts from the same IP (not mine which is whitelisted) with the user name admin. Where this whitelisted IP ? The attempts of failed login are with admin username ?

    Regards

Viewing 1 replies (of 1 total)
  • You must be logged in to reply to this topic.