• Resolved kaimana

    (@kaimana)


    I had logged out as admin so I could see the blog pages as a visitor would and to do some “other experiments”. One of the things I tried was logging in from my desktop as “Bad User” a single time.

    Got locked out of my site, message: “ERROR: Login failed because your IP address has been blocked. Please contact the administrator.” I immediately got an email message from the site saying this lockout had occurred, after this single wrong login attempt from my IP.

    I edited the option ‘active_plugins’ in my database and deleted the AIOWPS plugin, hit Save/Go and logged in easily again.

    I was locked out by AIOWPS because I had the setting in Login Lockdown Configuration set to “Instantly Lockout Invalid Usernames”, and I’d entered an invalid username. I assume this resulted in an IP lockout for my IP which also locked out other attempted logins from the same IP. So far so good?

    The interesting thing is that I went to my laptop (different IP, right?) and tried to log in and got the same message. I was REALLY careful with the login typing; it should have worked. This implies that something unrelated to IP addresses is producing this condition, and it kinda scares me, not knowing what’s happening here.

    Anyway, I reset the Instantly Lockout setting to not, because I realized that it would ALSO lock out a registered user who simply entered a typo and was unaware of it. I don’t want to frustrate my users.

    Any thoughts on what caused AIOWPS to lock out another IP?

    Thanks much, Aloha, Tim Mann, [email protected]

    https://www.ads-software.com/plugins/all-in-one-wp-security-and-firewall/

Viewing 11 replies - 1 through 11 (of 11 total)
  • Plugin Contributor mbrsolution

    (@mbrsolution)

    What are your other settings for example Time Length of Lockout (min):? If you have a time added to the aforementioned then that is the time you will be locked out when you enter the wrong credentials.

    Thread Starter kaimana

    (@kaimana)

    Sorry, should have put all that in.
    Allow unlock requests: no
    max login attempts: 10
    Time length of lockout: 60
    Enable login lockdown: yes
    login retry time period: 10
    Instantly lockout invalid usernames: yes

    I got back in, set “Instantly lockout invalid usernames” to no, and it works fine; I can now do a wrong login up to ten times without getting locked out from the same IP. That’s NOT the problem; the problem is that the first thing I did when I got the “your IP address is blocked” message is to go to another computer with a different IP and login. I typed the login carefully and am certain I got it right; I was also blocked on that computer with the same “this IP is blocked” message.

    My question is really: is there any way this can happen, or would you say I probably mistyped (which I’m certain I didn’t)?

    Thanks, Tim………..

    Plugin Contributor mbrsolution

    (@mbrsolution)

    I am sure you typed your details correctly on the second computer. But the account was already locked from your previous attempt in the first computer. Which means that the security is working correctly.

    Thread Starter kaimana

    (@kaimana)

    I must be dense over here, I still don’t get it.

    The IP of the first computer (my desktop) got locked out when I typed in a random username and password. That makes total sense, you don’t want to allow a single IP to make lots of attempts to hack you just because it can provide fake emails, names, and passwords really fast.

    But when I tried to log in from a different IP, how can the account itself be locked from the first attempt? There is nothing connecting the first attempt to the second, except they are trying to login to the same account.

    As admin, I get 20-50 lockout notifications a day from AIOWPS from hack attempts on the site, but none of those attempts lock ME out of the site. If, as you say, the account gets locked by a bad login attempt, why doesn’t it get locked by those? How can I login any time I want? It seems that the account couldn’t be locked by a fake login, because otherwise how could I log in right after a hack attempt? (they happen every 20 minutes or so 24/7).

    If this is so, it seems the only way it could work is that AIOWPS knows the IP of the admin machine (how?), and when an illicit login happens from THAT machine (like another office worker trying to break into a fellow worker’s WordPress site after hours), it not only locks the IP, but the account also?

    Really trying to understand; what I’m after here is implementing AIOWPS in the most effective manner possible. Whatever help is offered is greatly appreciated.

    Plugin Contributor mbrsolution

    (@mbrsolution)

    If your user name is locked then it does not matter whether you log in from a different computer with a different IP address. The account is locked regardless of IP address.

    I hope that helps you further.

    Kind regards

    Thread Starter kaimana

    (@kaimana)

    Sorry, I didn’t explain that very well the first time. I did NOT log in with the correct admin username the first time,

    I logged in with “Bad User” the first time on my desktop, and got the IP locked out. This is NOT my admin user name.

    I logged in with “MyAdminUserName” the second time on my laptop, and got the “IP is locked” message. This is why I don’t understand the locked IP message on the second computer; I did not use the same username.

    Plugin Contributor mbrsolution

    (@mbrsolution)

    Okay I understand now what you mean. If you log in with a bad username or bad password and your IP address gets locked out then it does not matter if you try to log in with a valid username and password. Since your IP address has been locked out you can’t log in from that laptop until your IP address is cleared.

    Thread Starter kaimana

    (@kaimana)

    OK, last time: I am not good at communicating this:

    I logged in with “Bad User” the first time on my desktop, and got a message “incorrect username or password”. Then, I tried logging in with my admin user name “MyAdminUserName”, and found out the desktop computer’s IP was locked out.

    I then tried logging in with “MyAdminUserName” on my laptop computer, which has an entirely different IP from the desktop computer that got locked out, and STILL got the “IP is locked” message.

    What I don’t understand is the locked IP message on the second computer; how can it be locked if I’ve never even tried to log in from it? I did not use the same IP, which was obviously locked.

    Plugin Contributor mbrsolution

    (@mbrsolution)

    Okay I will try to following your comments.

    I logged in with “Bad User” the first time on my desktop, and got a message “incorrect username or password”. Then, I tried logging in with my admin user name “MyAdminUserName”, and found out the desktop computer’s IP was locked out.

    In the above comment when you logged in with a Bad User the plugin automatically also registered the IP address. So that means that when you tried to log in with a legitimate User name and password you could not because the IP address has been blocked.

    I then tried logging in with “MyAdminUserName” on my laptop computer, which has an entirely different IP from the desktop computer that got locked out, and STILL got the “IP is locked” message.

    Log in and check all IP address that are blocked and User names. Make sure the laptop IP address is not in the black list and also the User name MyAdminUserName is not banned.

    What I don’t understand is the locked IP message on the second computer; how can it be locked if I’ve never even tried to log in from it? I did not use the same IP, which was obviously locked.

    Once you answer the second comment above it will also answer the above question.

    Let me know if I can help you further.

    Is your WP site hosted locally, or by a hosting provider? If your server isn’t on the premises, then no matter what IP address your desktop and laptop are using inside your network, they probably reach your website with the same external-facing IP address. That would explain why you were locked out when you attempted to login with a different username from your laptop. In a typical home network (and many office network setups) all devices connected to the network router (or wireless access point) share the same external-facing IP address (the one your ISP assigns to you).

    Thread Starter kaimana

    (@kaimana)

    Thank you Steve Gantz!

    Server is off-site somewhere in the cloud; a VPS setup with iPage.

    Ahh, as usual the explanation is technical and unexpected (there IS no magic in the universe); one would think that the originating IP address of the computer would be what was picked up and denied, but if our ISP assigns an IP address to our router (probably in an attempt to simplify its job?) then, as you say, anything coming from that router would be blocked.

    Thanks again; couldn’t have guessed on my own that this was what was happening. All this goes in my ongoing document “WordPress and website tips and tricks”. I write all this stuff down so that the next time I have to deal with it it’s not a mystery.

    Aloha, Tim…………..

Viewing 11 replies - 1 through 11 (of 11 total)
  • The topic ‘IP deny on two separate IP's’ is closed to new replies.