Can’t Block User

  • Resolved Geeky Explorer

    (@geeky-explorer)


    8 years, 5 months ago

    Hi,

    I’ve been receiving DOZENS of emails a day from Sucuri with failed login attempts to my website GeekyExplorer.com.

    The IP is always the same, which makes me think is a brute force attack.

    However I’ve tried to block the IP everywhere (htcacess file, Sucuri setting, hosting provider) and I’m STILL getting the same emails.

    What can I do to stop this?

    Thanks
    Bruno

Viewing 4 replies - 1 through 4 (of 4 total)

  • Hi Bruno
    I am having the same problem. Did you get this resolved? I am searching the internet for a solution on how to block the IP from within Surcuri but can only block the user. So if they try multiple logins with different users I am blocking both the user and the IP. I want to block the IP.

    Teri

    Hi there,

    You can’t use the Sucuri plugin to block by IP (our Firewall can do this). You should be able to block IPs in your .htaccess. If you’re having trouble with that, you might want to contact your host for help.

    Eve

    taksmara

    (@taksmara)

    Does anyone know why I still get a Sucuri Failed Login Alert for users that I have blocked? The user “admin” is in my Blocked Users list, but I keep getting email alerts of failed login attempts.

    @geeky-explorer it is difficult to say why the restrictions that you have added to your access control file or the ones via your hosting panel are not working. Without access to your server we can only speculate. Ask your hosting provider about Fail2Ban [1] maybe they have an special configuration that is overriding your settings.

    @taksmara the current version of the plugin only blocks login attempts originated in the login page, but there are multiple ways a malicious user can send a login request, XMLRPC for example is a common alternative [2]. At the moment we have no plans to extend the functionality to other interfaces other than the login page because that functionality is already implemented in our firewall [3] and we don’t want to duplicate code in our projects.

    @tpasto here is a tool [4] that you can use to generate a valid access control file to block unwanted traffic from certain IP addresses.

    [1] https://www.fail2ban.org/
    [2] https://blog.sucuri.net/2015/10/brute-force-amplification-attacks-against-wordpress-xmlrpc.html
    [3] https://sucuri.net/website-firewall/
    [4] https://www.htaccesstools.com/block-ips/

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘Can’t Block User’ is closed to new replies.