• Hi, I downloaded your plugin a few weeks ago and am pretty much impressed with it. I am having one issue with one spammer who keeps trying to log in to the site with my admin ID. We also have BPS security installed, with login protection enabled, so after 3 bad passwords it locks the account. The problem is your plugin works great; however, ONE spammer (from Ukraine) we have blocked using your plugin in every way possible, but despite this, this one person keeps on coming back. What can I do or what have I done wrong? The details of just one of his login attempts are below. I hope you can help, thanks

    THESE ARE THE DETAILS AND ID OF SOMEONE USING BRUTE FORCE BOTS TO LOGIN TO WORDPRESS ACCOUNTS.

    User IP Address: 178.137.16.233

    User Hostname: 178-137-16-233-lvv.broadband.kyivstar.net

    Request URI: http:..(REMOVED MY SITE NAME)……………co.uk/wp-login.php

    https://www.ads-software.com/plugins/stop-spammer-registrations-plugin/

Viewing 15 replies - 1 through 15 (of 16 total)
  • I am confused. Is the user getting in?

    In order to prevent lockouts I can’t block users who use your ID. If I did that the plugin would lock you out eventually. If the user ID is known by WordPress, the program tries to validate the login. If it does not validate, it blocks the user and adds them to the bad cache. This is not much different than the password check, but in addition it shows the captcha screen and then keeps the IP from trying to leave comments.

    If you truly want to block this person you can add this to your .htaccess file.

    Order deny, allow
    deny from 178.137.16.233
    allow from all

    If you already have the order and allow lines just add another deny from for the user.

    If you want to block him and the horse he rode in on, you can use:
    deny from 178.137.16.233/22

    This will block the subnet in the Ukrainian mobile phone provider where this guy gets his IP address. It will block several thousand IP addresses from Ukrainian users.

    Keith

    Thread Starter neverpaintagain

    (@neverpaintagain)

    Hi Keith, thanks for replying, but the plugin is supposed to handle the deny IP thing; however, in this case, it is not working.

    I have also blocked Ukraine by country in the plugin admin, plus blocked the TLD .ua (Ukraine) and this plugin was supposed to stop all that but in this one case it is not doing so.

    Thread Starter neverpaintagain

    (@neverpaintagain)

    And NO, the user is not getting past the security, it's pretty tight.

    The plugin doesn’t stop the Ukrainian spammer from trying. The plugin records each attempt. It is not the same thing as an .htaccess deny.

    You should be seeing Admin login/registration attempt: admin in the log report for each time the user hits your site.

    The spammer can still surf your site and read your pages. He will be blocked as soon as he tries to log in or comment.

    Keith

    Thread Starter neverpaintagain

    (@neverpaintagain)

    Well, that's the thing, he HAS tried to log in, on many occasions, and I have put in all sorts of permutations of blocking based on his IP, his TLD, “Ukraine” in the block country option, entering his domain, his ISP, the lot, but each and every time this person keeps on trying to log in to the admin page. I really don't know what else to do. He won't get in, it's just annoying.

    Thread Starter neverpaintagain

    (@neverpaintagain)

    I tried adding the code you gave and it broke my site. I had to go in to my server and edit .htaccess; I obviously put it in the wrong place.

    So the deny thing you posted above, exactly WHERE should it go in the file and in WHAT format, e.g. does it need a # in front of it?

    Order Allow,Deny
    deny from 178.137.16.233
    Allow from all

    If there is another “Order” directive in the .htaccess then you just need to add the deny after the Order and before the Allow.

    On some systems the directive is case sensitive. I did not give you the “Proper” statement.

    If this is the only deny section I put it right at the top of the .htaccess file.
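Added example (not part of any post in this thread, and not the plugin's or Apache's own code): a small Python model of how Apache 2.2 evaluates the `Order`, `Allow from` and `Deny from` lines quoted above, showing why the ordering decides whether 178.137.16.233 is blocked and which addresses the /22 form covers. The function names and the sample rule strings are constructed for illustration; only `all`, full addresses and CIDR blocks are modelled.

```python
import ipaddress

def parse_rules(text):
    """Parse Order / 'Allow from' / 'Deny from' lines (Apache 2.2 mod_authz_host syntax)."""
    order, allow, deny = "deny,allow", [], []   # Deny,Allow is Apache's default order
    for raw in text.strip().splitlines():
        parts = raw.split()
        if not parts or parts[0].startswith("#"):
            continue
        key = parts[0].lower()
        if key == "order":
            # Order takes exactly one argument, so "deny, allow" (with a space) is rejected.
            # This model supports only the two orderings used in the thread.
            if len(parts) != 2 or parts[1].lower() not in ("allow,deny", "deny,allow"):
                raise ValueError("invalid Order line: " + raw.strip())
            order = parts[1].lower()
        elif key in ("allow", "deny") and len(parts) >= 3 and parts[1].lower() == "from":
            (allow if key == "allow" else deny).extend(parts[2:])
        else:
            raise ValueError("unsupported line: " + raw.strip())
    return order, allow, deny

def matches(ip, specs):
    """True if ip matches 'all', a full address, or a CIDR block (host names not modelled)."""
    addr = ipaddress.ip_address(ip)
    return any(s.lower() == "all" or addr in ipaddress.ip_network(s, strict=False)
               for s in specs)

def is_allowed(ip, text):
    order, allow, deny = parse_rules(text)
    a, d = matches(ip, allow), matches(ip, deny)
    if order == "allow,deny":
        return a and not d   # Deny is evaluated last and wins; no match at all = denied
    return a or not d        # Allow is evaluated last and wins; no match at all = allowed

def cidr_span(spec):
    """First address, last address and size of the block a CIDR spec covers."""
    net = ipaddress.ip_network(spec, strict=False)
    return str(net[0]), str(net[-1]), net.num_addresses

# Constructed inputs: the two orderings from the thread around the same deny line.
DENY_ALLOW = "Order Deny,Allow\ndeny from 178.137.16.233\nAllow from all"
ALLOW_DENY = "Order Allow,Deny\ndeny from 178.137.16.233\nAllow from all"
SUBNET = "Order Allow,Deny\ndeny from 178.137.16.233/22\nAllow from all"

if __name__ == "__main__":
    for name, rules in (("Deny,Allow", DENY_ALLOW), ("Allow,Deny", ALLOW_DENY)):
        print(name, "-> 178.137.16.233 allowed:", is_allowed("178.137.16.233", rules))
    print("/22 covers", cidr_span("178.137.16.233/22"))
```

On Apache 2.4 these directives are provided by mod_access_compat; the native access-control form there is `Require`.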

    Thread Starter neverpaintagain

    (@neverpaintagain)

    Hi, thanks for replying. In the end the ONLY way we could block this person was at root server level!!!!!!

    So apart from that, very happy with the plugin, but I still can't see WHY this person could still get through despite me following the plugin instructions!

    I am working on a “lock down mode” for the plugin – very dangerous. If the admin gets flagged by mistake the only thing to do is to go in through FTP and delete the plugin, but it’s very safe.

    Keith

    Thread Starter neverpaintagain

    (@neverpaintagain)

    OK, another question: once I have entered an IP address I catch trying to log in, like this morning someone from 118.244.254.17 tried to log in and the admin account was locked. I entered their IP address in the DENY LIST and saved it. 5 minutes later the SAME IP address, the one I blocked, was able to try and log in again.

    Is there a delay after I enter the IP? I mean, surely when I put the IP in to deny it, it should instantly work, but it does NOT. I appreciate your help on here, but can you explain why this is happening? Thanks

    The plugin does not keep users from trying to log in. It prevents them from logging in. The plugin does not deny anyone access to the site. It does not prevent anyone from pressing the submit button. It just keeps them from logging in.

    The plugin only checks for a spammer when it detects that a form has been submitted.

    Other plugins can look for the same event. I have seen problems where two plugins both look at the form submit and neither one works correctly. I had to disable login checks when the WordPress JetPack Protect option is active because the two plugins cause the system to crash.

    If you have another plugin that is checking logins, it probably sees the login first, before Stop Spammers kicks in, and that’s how the user is being locked.

    In the Stop Spammers “Protection Options” page try unchecking the “Check credentials on all login attempts”. This will lock out any attempt to log in by spammers even if the user has the correct password. You could lock yourself out, but if this happens you would see the second chance captcha screen.

    Keith

    Thread Starter neverpaintagain

    (@neverpaintagain)

    Hi Keith.

    So the plugin does NOT deny access, even if I add their IP? That's pretty much what I wanted to do, ban people who tried to log in and got picked up by the BPS plugin.

    I can see what you mean, but if I uncheck the “credentials” bit, I am very cautious that it would lock me out, which would not be good. How do I make SURE it won't lock me out, is there a whitelist I can add my own IP to?

    It does not deny access; it checks the login or comment when the user presses the submit.

    I tried an option to deny total access, but the overhead of having to check the IP each time a page is loaded slowed down my system to the point where it was nearly unusable.

    I used to have an add-on for Stop Spammers that added spammers to the htaccess file on the fly, but the htaccess file had 12,000 entries after several months of operation and I was still getting new spammers every day.

    Keith

    Thread Starter neverpaintagain

    (@neverpaintagain)

    ……so if I followed your instructions and unticked the box, I WON'T be locked out?

    If you have the box checked “Automatically add admins to Allow List” your IP will be added to the allow list every time you successfully log in. If your IP changes, it will re-check you. If you fail you will be presented with the second chance captcha and be able to log in.

    If the second chance captcha fails you will have to rename the Stop Spammers plugin folder through FTP to disable it. Log in, then rename it back and your new IP will automatically be added to the allow list.

    Keith

  • The topic ‘brute force logins from Ukraine, blocked but they still come’ is closed to new replies.