• Hi, my brute force settings don’t seem to be working as expected.

    I have the following settings:
    Lock out after how many login failures: 8
    Count failures over what time period: 12 hours

    However, when I look at live traffic I see a few IP addresses that have failed to log in with invalid usernames 10 times in a 4 minute period. Shouldn’t they be blocked after the 8th time?

    Brute force is working overall as there have been 680 brute force attacks blocked today. It’s just not using the criteria set.

    • This topic was modified 5 years, 3 months ago by Luke Boobyer.
  • Plugin Support wfphil

    (@wfphil)

    Hi @lsbwebdesign

    It appears that you are saying that multiple IP addresses are showing 10 hits each (or at least 10 hits) within a 4 minute time period in Live Traffic for failed login attempts.

    If that statement is true, then for the multiple IP addresses that have 10 hits each for a failed login (within a 4 minute time period), does each of the 10 hits in Live Traffic (for each separate IP address) all say in part “and attempted a failed login using an invalid username”?

    Or do some of those 10 hits for each separate IP address within a 4 minute time period say something else, such as “was locked out from logging in”?

    Thread Starter Luke Boobyer

    (@lsbwebdesign)

    Yes, the hits show either “attempted a failed login using an invalid username” or “attempted a failed login as”

    So, for example, recently the following IP, 113.59.217.94 from Colombo, Sri Lanka, made 11 failed login attempts, all hits showing one of the above messages, within the space of 2 minutes.

    With the settings I have in place for brute force protection, I would expect that IP to be blocked after the 8th attempt.

  • The topic ‘Brute force settings not working’ is closed to new replies.