Blocked user list does not stop alerts

  • Resolved jkruger

    (@jkruger)


    8 years, 3 months ago

    Any user login passing accross the built-in mechanism that WordPress provides to authentication the session will be intercepted by the plugin and analyzed to see if the username is in the list of blocked accounts, if yes then the request will be stopped. No logs will be registered and no alerts will be sent to your email.

    I still get alerts for blocked user failed login attempts on all of my installations with Sucuri.

    Anyone else get this?

Viewing 7 replies - 1 through 7 (of 7 total)
  • Thread Starter jkruger

    (@jkruger)

    Still broken.

    Hi there,

    Please make sure the file sucuri-blockedusers.php exists in /wp-content/uploads/sucuri and is writable.

    I hope this helps!

    Regards,
    Eve

    taksmara

    (@taksmara)

    Yes I have the same problem and the file is in the correct location and I think is writable.

    Permissions are 0644, is that correct?

    • This reply was modified 8 years ago by taksmara.
    mikerayjones

    (@mikerayjones)

    I also have this problem, on multiple sites. In each case the file sucuri-blockedusers.php exists, is writeable, and contains the appropriate lists of blocked users.

    Mike.

    taksmara

    (@taksmara)

    By the way, I contacted Sucuri support and their reply was “It’s possible that this user is bypassing the security feature of where it’s blocked at”. They then suggested to enable the firewall, which is a paid feature and to use Two Factor Authentication (2FA) plugin. I tried the two way factor plugin but kept getting the notifications still.

    I have 15 websites at the moment, so cant afford 15 x Sucuri firewalls, I could barely afford just 1. Have added wordfence firewall and that seems to do the job. They did conflict initially and did some research in order to fix that, but cant remember what it was. I think it was to not enable the “Restrict wp-content access” hardening feature.

    mikerayjones

    (@mikerayjones)

    I’ll give that a try, thanks @taksmara.

    Hello everyone, please refer to this article [1] that explains how a malicious user can send login requests without using the login page. The code that powers the blocking of the login attempts only works in the login page due to limitations in the WordPress API.

    Marking as resolved, feel free to re-open if you have more questions.

    [1] https://blog.sucuri.net/2015/10/brute-force-amplification-attacks-against-wordpress-xmlrpc.html

Viewing 7 replies - 1 through 7 (of 7 total)
  • The topic ‘Blocked user list does not stop alerts’ is closed to new replies.