• Resolved chriswutzke

    (@chriswutzke)


    I recently installed Limit Login Attempts Reloaded to deal with repeated login attempts from known bad IP addresses. I entered these into the IP blacklist, and I also entered obvious abusive usernames into the username blacklist (one per line, as instructed). But this plugin doesn’t seem to be blocking anything?

Viewing 6 replies - 1 through 6 (of 6 total)
  • Plugin Author WPChef

    (@wpchefgadget)

    Hi chriswutzke,

    How have you come up with this assumption? Can you please provide more details?

    Regards,
    WPChef Team

    Thread Starter chriswutzke

    (@chriswutzke)

    Many months before installing Limit Login Attempts plugin, I had installed Activity Log plugin so that I could track member activity (my site is a membership site). However, this is how I saw the website hacking attempts. So I installed Limit Login Attempts to thwart this. Here is a picture of the current setup showing the blacklisted IPs and usernames: https://www.dropbox.com/s/l6if7t4lf56v0di/Limit%20Login%20171227.jpg?dl=0. You can see that IP 90.200.12.XX is a blacklisted IP, and ‘parametricfinance’ and ‘admin’ are blacklisted usernames. Here is a picture of the activity log: https://www.dropbox.com/s/y1zjjyc6xq4j1c7/Activity%20Log%20171227.jpg?dl=0. You can see that these blacklisted IPs and usernames are still showing up here as attempting to log in. Shouldn’t they be blocked and not appearing here? Or are they free to continue attempting (and continue showing up on the activity log) but will never be granted access? I was expecting to see them disappear from the activity log.

    Plugin Author WPChef

    (@wpchefgadget)

    Hi chriswutzke,

    > Or are they free to continue attempting (and continue showing up on the activity log) but will never be granted access?

    This is correct.

    > I was expecting to see them disappear from the activity log.

    You can try purging the log and they should not appear in it anymore after that.

    Regards,
    WPChef Team

    I have a similar situation: IPs listed on the blacklist still turn up in the lockout logs, i.e. are locked out for xx minutes after 3 failed attempts.
    I am worried that the spammer / hacker eventually succeeds. When I block an IP number/range, the attacker should not even be able to try a login.

    • This reply was modified 6 years, 8 months ago by petergeu.

    Just find it curious, but the IP address from where the access trials are coming is also 90.200.12.xx

    Is the sequence of entries in the blacklist relevant for detection, i.e. when the IP address of the “attacker” is compared to the list, and a “higher” IP number is found, higher than the attacker’s, is the scan then stopped, i.e. the later, potentially lower blacklist entries might be ignored?

    Is the IP range crossing medium level IP ranges, i.e. 91.200.12.0-91.200.15.255?
    I changed a moment ago to
    91.200.12.0-91.200.12.255
    91.200.13.0-91.200.13.255
    91.200.14.0-91.200.14.255
    91.200.15.0-91.200.15.255
    let’s see what happens.

    Another question, – not related to the plug-in function: could you imagine, how the attackers find out the user names? I do not see it in any screen (html source code).

    Background
    I still got lockout events from an IP address I want to be blocked.
    Datum IP Loginversuch als Gateway
    März 26, 2018 08:25 91.200.12.113 rebecca (2 lockouts) WP Login
    März 25, 2018 04:26 91.200.12.151 rebecca (1 lockouts) WP Login
    März 25, 2018 02:38 91.200.12.113 musikverein-kreuzweingarten-rheder (2 lockouts) WP Login
    März 23, 2018 19:03 91.200.12.151 musikverein-kreuzweingarten-rheder (3 lockouts) WP Login
    März 22, 2018 17:32 91.200.12.151 PeterGe (1 lockouts) WP Login
    Januar 01, 1970 00:00 194.6.231.240 rebecca (1 lockouts)

    • This reply was modified 6 years, 8 months ago by petergeu.
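
The range questions raised in the replies above can be checked offline. The following is an added example, not part of the thread and not the plugin's code: it assumes blacklist entries are one per line, either a single IPv4 address or `start-end`, and its function names are hypothetical. It compares lockout-log IPs against both the single wide range and the four split ranges from the thread, and every entry is tested, so entry order does not affect the result.

```python
import ipaddress
import re

def parse_blacklist(text):
    """Parse one entry per line: a single IPv4 address or 'start-end' (assumed format)."""
    ranges = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        start, _, end = line.partition("-")
        lo = ipaddress.IPv4Address(start.strip())
        hi = ipaddress.IPv4Address(end.strip()) if end else lo
        if lo > hi:
            raise ValueError(f"range start is above range end: {line}")
        ranges.append((lo, hi))
    return ranges

def is_blacklisted(ip, ranges):
    """True if ip lies inside any entry; all entries are tested, so order is irrelevant."""
    addr = ipaddress.IPv4Address(ip)
    return any(lo <= addr <= hi for lo, hi in ranges)

IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

def audit(log_lines, ranges):
    """Map each distinct IPv4 address found in the log lines to covered / not covered."""
    return {ip: is_blacklisted(ip, ranges)
            for line in log_lines for ip in IPV4.findall(line)}

# Range entries as written in the thread.
ONE_RANGE = "91.200.12.0-91.200.15.255"
SPLIT_RANGES = """91.200.12.0-91.200.12.255
91.200.13.0-91.200.13.255
91.200.14.0-91.200.14.255
91.200.15.0-91.200.15.255"""

# Constructed log lines, modelled on the lockout entries in the thread.
LOG = [
    "2018-03-26 08:25 91.200.12.113 rebecca (2 lockouts) WP Login",
    "2018-03-25 04:26 91.200.12.151 rebecca (1 lockouts) WP Login",
    "1970-01-01 00:00 194.6.231.240 rebecca (1 lockouts)",
]

if __name__ == "__main__":
    for label, text in (("one range", ONE_RANGE), ("split ranges", SPLIT_RANGES)):
        print(label, audit(LOG, parse_blacklist(text)))
```

An address reported as covered here that still produces lockout entries points at how the entry is stored or matched on the site, not at the arithmetic of the range itself.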
  • The topic ‘Blacklist not working’ is closed to new replies.