Failed Login Emails

  • Resolved davbel

    (@davbel)


    9 years, 10 months ago

    Hi

    I’ve installed and setup the plugin on one of my sites and started to get the failed login attempt emails.

    Typically tries using admin and from various different ip addresses every 10-12 minutes.

    I’ve installed various types of different captchas including picture and game types, which would stop bots, but I was still getting the emails.

    So assuming it was a human (unlikely) I installed Blue captcha and set it to be so difficult it wasn’t readable in any way (I log in via a WP management system) and surprisingly, I’m still getting the exact same amounts of failed login attempts.

    How can this be?

    https://www.ads-software.com/plugins/sucuri-scanner/

Viewing 1 replies (of 1 total)

  • Normal captcha generators are old story, a generic computer with enough CPU and/or RAM could beat any of these generators in a few minutes and even seconds if the algorithm used to break the captcha is smart enough.

    You probably heard the news about the new Google reCaptcha [1], they were able to break their own generators and decided to change the algorithm to use the user data to determine if he/she is a bot or not, this news reiterates the idea that legacy captcha generators are a thing of the past.

    Also, many people think that using a captcha to protect a login page is a silly idea, my recommendation for you (and everyone that wants an advice) is to use a firewall which will protect your site against real attacks and not only guess if your visitors are hackers or not (which is basically what a captcha does).

    There are many companies out there that offer this service, modesty aside Sucuri has one of the best “Web Application Firewall” in the market and I highly recommend it. I encourage you to learn more about the “Sucuri CloudProxy WAF” [2] it is worth the money.

    I hope this helps you to understand what is happening to your site, if not then feel free to ask more question, I will be glad to respond if I know the answers.

    [1] https://www.google.com/recaptcha/
    [2] https://sucuri.net/website-firewall/

Viewing 1 replies (of 1 total)
  • The topic ‘Failed Login Emails’ is closed to new replies.