Casinyeam review,Best time to play money coming.Recharge Every day and Get Bonus up-to 50%!

Exploreguy
(@exploreguy)

10 years, 4 months ago

Hello,

I’m experiencing a brute force attack on my server. I have Blue Captcha and Limit Login Attempts installed. Until recent Blue Captcha has been the first line of defense and has done an excellent job of preventing bots from making reoccurring login attempts and has worked very successfully to prevent them from triggering them the Limit Logins Attempts plugin and logging methods

However, now I’m seeing persistent and reoccurring login attempts from random IP address bypassing Blue Captcha and hitting the Limit Login Attempts plugin. These bots are not leaving any trace records in Blue Captcha but go directly to hitting the Limit Login Attempts plugin.

I’m attaching links to two screen shots which I’ve just taken to day to show what is occurring.

https://drive.google.com/file/d/0B78_0tA4WOnIWXJTQ1NONFNwdWM/edit?usp=sharing

https://drive.google.com/file/d/0B78_0tA4WOnIMUx1TWFpWG9iU0U/edit?usp=sharing

Any suggestions to help stop this would be very useful.

Thanks!

https://www.ads-software.com/plugins/blue-captcha/

Viewing 2 replies - 1 through 2 (of 2 total)

Plugin Author jotis
(@jotis)

10 years, 4 months ago

Hello.

This is really weird. Blue Captcha has strong hooks on login page and it’s very difficult to bypass it.
Does this happen to all new brute force attacks?

Do you use extra plugins for login (like sidebar login, for example)?
Did you install any new plugins lately?

It would be useful to check raw access logs on your cpanel
to see the raw links the attacker(s) used to login.

For instance, do they look like:

https://domain.com/wpsite/wp-login.php

???

By the way, the logs from “Limit Login Attempts” (as shown in https://docs.google.com/file/d/0B78_0tA4WOnIMUx1TWFpWG9iU0U/edit ) don’t list any other details (like date & time)? Are you sure that those attempts are not recorded in Blue Captcha logs in older dates?

If you don’t want to share “sensitive” information here, please contact through:

https://mybluestuff.blogspot.gr/p/contact.html

Thread Starter Exploreguy
(@exploreguy)

10 years, 4 months ago

Hi Jotis,

Thanks for the quick reply. All good questions.

Does this happen to all new brute force attacks?

No, this just started happening. No changes to the WP install were made or new plugin installed when this started happening. I was on a previous version of WP 3.9.0 when it started but upgraded to see if it was something with the WP version. It clearly didn’t stop after the upgrade to WP.

Do you use extra plugins for login (like sidebar login, for example)?

The only plugin I use are BC and Limit Login Attempts.

Did you install any new plugins lately?

I did upgrade one plugin but it wasn’t security related. I think it was Simple Backup. No new plugins where installed

Are you sure that those attempts are not recorded in Blue Captcha logs in older dates?

I checked the entire BC logs and none of the IPs from the Limit Login Attempts log appear in the BC log.

Thanks! I’ll send you a message with some more information.

Viewing 2 replies - 1 through 2 (of 2 total)

The topic ‘New brute force login attach bypassing Blue Captcha’ is closed to new replies.

Tags