• Resolved aibol90

    (@aibol90)


    I enabled protection against brute force attacks by changing the standard login page in the admin panel. I also set up a white list of IP addresses, but still there are records of unsuccessful logins in the log. I tried changing this login address several times, I even tried cookie-based protection, but I still see failed authorization errors in the log. I myself tried to go to the admin page from a different IP address, but it shows a 403 error and I can’t understand how quickly they find the login page and do a brute force.

Viewing 7 replies - 1 through 7 (of 7 total)
  • Plugin Support hjogiupdraftplus

    (@hjogiupdraftplus)

    Hi @aibol90,

    WP Security > Dashboard > Audit logs has the failed login records; you can cross-check the stack trace to see what is causing that failed login. It might be an XML RPC call of getUsersBlogs which may be creating the failed login records using xmlrpc.

    WP Security > User security > Login lockout tab – Enable login lockout tab with option lockout invalid usernames.

    If stop user enumeration is not on, it might be the reason your admin username is exposed – WP Security > Miscellaneous > User enumeration tab, check there.

    The XML RPC call of wp_getUsersBlogs is trying to authenticate the user. – WP Security > Firewall > Basic firewall rules tab > Completely block access to XMLRPC, Disable pingback functionality from XMLRPC. Please check both and Save.

    Thread Starter aibol90

    (@aibol90)

    Thanks for the answer! I have blocking enabled for non-existent usernames. I’ll try to enable the Completely block access to XMLRPC option.

    Plugin Support hjogiupdraftplus

    (@hjogiupdraftplus)

    Hi @aibol90,

    Ok, keep me posted if that has solved the issue.

    Regards

    Thread Starter aibol90

    (@aibol90)

    Hi! This seems to have solved the problem. There have been no failed login attempts since yesterday. Thanks a lot!

    Plugin Support hjogiupdraftplus

    (@hjogiupdraftplus)

    Hi @aibol90

    Glad to know the issue seems solved.

    Would you mind writing a quick five-star review on www.ads-software.com?

    https://www.ads-software.com/support/plugin/all-in-one-wp-security-and-firewall/reviews/#new-post

    Reviews also help others to make confident decisions about our plugin.

    Regards

    I just experienced the exact same problem after doing plugin updates. There were random, multiple attempts to log in using the Display Name, which your plugin successfully blocked. Changing the login address did not stop the attempts. There are calls to getUsersBlogs in the stack trace. I just checked Completely block access to XMLRPC and Disable pingback functionality from XMLRPC, as you recommend. I’ll let you know if the problem is resolved in a few days. Do you know what is causing the XMLRPC calls? Is it WordPress, another plugin, or something external? The IPs for the invalid logins are coming from all over Europe, so they appear to be external calls.

    Plugin Support hjogiupdraftplus

    (@hjogiupdraftplus)

    Hi @wpdogger

    XMLRPC calls are of WordPress, so it needs to be disabled for invalid login attempts by getUsersBlogs.

    Ok keep me posted

    Regards
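
The replies above trace the failed logins to XML-RPC calls rather than the renamed login page. As an added example (not part of the original thread or the plugin's code), this Python script separates POSTs to xmlrpc.php from POSTs to wp-login.php in a web server access log and shows whether the xmlrpc.php requests are still being served or are refused after the block is enabled. The log lines, IP addresses and threshold are constructed, and the "combined" log format is an assumption.

```python
import re
from collections import Counter

# Constructed access-log lines ("combined" format, documentation IP ranges).
SAMPLE_LOG = """\
203.0.113.7 - - [12/Mar/2024:10:01:02 +0000] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Mar/2024:10:01:03 +0000] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Mar/2024:10:01:04 +0000] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "Mozilla/5.0"
198.51.100.23 - - [12/Mar/2024:10:02:10 +0000] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "curl/8.0"
192.0.2.44 - - [12/Mar/2024:10:03:00 +0000] "POST /wp-login.php HTTP/1.1" 403 199 "-" "Mozilla/5.0"
192.0.2.10 - - [12/Mar/2024:10:04:00 +0000] "GET /xmlrpc.php HTTP/1.1" 405 42 "-" "Mozilla/5.0"
203.0.113.7 - - [13/Mar/2024:09:00:00 +0000] "POST /xmlrpc.php HTTP/1.1" 403 199 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)


def summarize(log_text, threshold=3):
    """Split POSTs into xmlrpc.php served, xmlrpc.php refused, and wp-login.php."""
    served, blocked, login_form = Counter(), Counter(), Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST":
            continue  # only POSTs can carry credentials
        path = m["path"].split("?", 1)[0].lower()
        if path.endswith("/xmlrpc.php"):
            # 2xx: the endpoint answered, so a login attempt was possible.
            # Any other status: the request was not served normally
            # (for example, refused by a firewall rule).
            (served if m["status"].startswith("2") else blocked)[m["ip"]] += 1
        elif path.endswith("/wp-login.php"):
            login_form[m["ip"]] += 1
    # IPs that repeatedly got an answer from xmlrpc.php.
    suspects = sorted(ip for ip, n in served.items() if n >= threshold)
    return {"served": served, "blocked": blocked,
            "login_form": login_form, "suspects": suspects}


if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    for key in ("served", "blocked", "login_form"):
        print(key, dict(report[key]))
    print("repeat xmlrpc.php callers:", report["suspects"])
```

The access log does not record the XML-RPC method name, so the audit log stack trace remains the place to confirm that the call was getUsersBlogs.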

  • The topic ‘endless brute force attack’ is closed to new replies.