Collateral damage

  • Resolved IvanRF

    (@ivanrf)


    9 years, 2 months ago

    Since yesterday, I’m getting several block alerts from login attempts. The thing is that every attempt come from a different IP (IP Address Spoofing Attacks).

    When I installed Wordfence, I set in my options “Immediately lock out invalid usernames” and “Amount of time a user is locked out” -> 1 day.

    My question now is: if the attacker uses an IP and then a real user with the same IP try to enter my site, what happens?? I guess the real user will be blocked too, right?

    If I’m right, you should add this to your documentation.

    What’s the best approach here?

    https://www.ads-software.com/plugins/wordfence/

Viewing 2 replies - 1 through 2 (of 2 total)
  • Thread Starter IvanRF

    (@ivanrf)

    OH, my mistake. I forgot that this only blocks IPs from login. So, it is not as bad as I thought. ??

    The question remains if a real user wants to LOG into a site from the same IP. However, this will be very unlikely.

    Plugin Author WFMattR

    (@wfmattr)

    Most of the time, when you see a ton of different IPs getting locked out of your site, it is not actually spoofing anymore — they usually really are hacked sites (or individual PCs), or even unused IPs hijacked from their real owner, so there is very little chance of a real user’s IP actually showing up.

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Collateral damage’ is closed to new replies.

Tags