Attacks still shown by Simple History plugin after block

  • Hi,

    I installed the Brute Force Login Protection plugin after seeing in the Simple History plugin thousands of brute force login attempts. In the BFLP settings page, everything looks fine (“You are protected”). The two IPs where attacks were coming from today are shown as blocked and they are also added to the htaccess file (I’m hiding the IP addresses):

    # BEGIN Brute Force Login Protection
<FilesMatch ".*\.(php|html?|css|js|jpe?g|png|gif)$">
order deny,allow
deny from 195....
deny from 180....
</FilesMatch>
# END Brute Force Login Protection

    However, in the Simple History plugin, I am still seeing hundreds of failed login attempts from these IPs even after they have been blocked.

    Am I misunderstanding the way the plugin works or is the block ineffective?

    I’m using WP 4.3.1, BFLP 1.5.2, and Simple History 2.2.3.

    https://www.ads-software.com/plugins/brute-force-login-protection/

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Author Fresh-Media

    (@jan-paul-kleemans)

    Hi,

    Thanks for your post.

    Are you sure your website is running on an Apache webserver? .htaccess files only work on Apache. You can try if it works by adding your own IP to the .htaccess file, and check if you can reach your website.

    JP

    Thread Starter dmstraub

    (@dmstraub)

    Yes, running apache. The other rules in htaccess (e.g. WordPress pretty URLs) work fine. I tried blocking my own IP (deny from …) and was still able to access the site. I also checked that when I introduce a typo in the block (e.g. <FilesMatc>), the server throws an error 500, showing that the block is not ignored.

    Plugin Author Fresh-Media

    (@jan-paul-kleemans)

    Maybe there’s ‘earlier’ configuration on your Apache webserver. When an Apache server finds an .htaccess file, it needs to know which directives declared in that file can override earlier configuration.
    Deny-rules require “AllowOverride Limit” if you wish to use it in a .htaccess context.

    See https://httpd.apache.org/docs/2.2/mod/core.html#allowoverride or https://httpd.apache.org/docs/2.2/howto/htaccess.html#how

    JP

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Attacks still shown by Simple History plugin after block’ is closed to new replies.