'Admin' brute force attacks

  • Resolved rpsellers

    (@rpsellers)


    9 years, 1 month ago

    I’ve seen a HUGE uptick in brute force attacks recently, most attempting to login as “admin.” Since all my sites have long since removed the admin user, I have the box ticked on every Ithemes security install to “Immediately ban a host that attempts to login using the “admin” username.”

    But that functionality appears to not be working, or at least not be working as it’s listed. I get the message and see the logs that these many hosts are “locked out” but they aren’t “banned.” (In a few cases, I will get the email notice that they’ve been “banned permanently” but that’s usually a result of the settings I’ve chosen for the same IP address attempting logins within the time settings I’ve set.)

    Does anyone know of a way to make at automatic – and permanent – ban for anyone attempting a login with “admin?”

    https://www.ads-software.com/plugins/better-wp-security/

Viewing 8 replies - 1 through 8 (of 8 total)

  • I’m in the same situation. Loads of attempts using ‘admin’. But despite my being set to ban the host, its just locked out.

    Why aren’t they banned if thats what I told the plugin to do?

    The descriptive text of this setting is incorrect.
    (permanent)ban=(temporary)lockout

    Which means only after 3 (default) admin login attempts (=temp lockouts) within 7 (default) days from the same ip address the ip address will be permanently auto banned (assuming the Blacklist Repeat Offender and Ban Users settings are enabled).

    Also make sure to update to the latest iTSec plugin release (5.0.1).
    There was a bug fixed in the 5.0.0 release that prevented the plugin from permanently auto banning ip addresses. Unfortunately this fix was not mentioned in the 5.0.0/5.0.1 Changelog …

    dwinden

    @rpsellers

    If you require no further assistance please mark the topic as ‘resolved’.

    dwinden

    @rpsellers

    If you require no further assistance please mark the topic as ‘resolved’.

    dwinden

    Thread Starter rpsellers

    (@rpsellers)

    @dwinden:

    Once was enough.

    Resolved.

    @rpsellers

    There are 2 checkboxes displayed at the bottom when you open this topic:

    [v]Notify me of follow-up posts via email
    [ ]Mark this topic as resolved

    Please tick the “Mark this topic as resolved” checkbox and then click on the Post button …

    Thank you.

    dwinden

    Thread Starter rpsellers

    (@rpsellers)

    My apologies on that. If I were actually paying attention to the radio boxes I would have noticed it.

    I think it would be optimal behaviour to immediately permanently ban a user who has tried to login as admin, when you have selected “immediately ban a host that attempts to login using the “admin” username.”

    Setting conditions on a permanent ban just gives them more attempts to try and login.

Viewing 8 replies - 1 through 8 (of 8 total)
  • The topic ‘'Admin' brute force attacks’ is closed to new replies.