Run-away site lockout notifications

  • Hi,

    I’ve received more than 1,000 lockout notifications in the past hour+ apparently all with the exact same message. The host IP has already been added to the Ban list. I tried turning off email notifications and even disabling the plugin and the emails still keep coming in. Any suggestions? I’m running the most current version of WP and the plugin. Thanks.

    The message:

    Dear Site Admin,

    A host, 78.110.163.196, has been locked out of the WordPress site at https://www.yoursitename.com due to too many bad login attempts.

    The host has been locked out permanently .

    *This email was generated automatically by iThemes Security. To change your email preferences please visit the plugin settings.

    https://www.ads-software.com/plugins/better-wp-security/

Viewing 4 replies - 1 through 4 (of 4 total)

  • Hi,

    Is the IP added to the Ban Users list? If not, can you add it and see if that helps?

    If it is added can you see if it’s written to your .htaccess?

    As for the emails, can you ask your host for your email error logs?

    Thanks,

    Gerroald

    Hi, I got many notifications since yesterday
    it seems some one is trying to scan my usernames and passwords

    In logs file Expires = 2015-10-24 23:11:17

    Expires_gmt = 2015-10-24 23:11:17

    Type = Brute_force
    Invalid Login Attempt 5 2015-07-12 19:11:17 118.92.154.209 admin
    Host or User Lockout 10 2015-07-12 19:11:17 118.92.154.209 Details
    Host or User Lockout 10 2015-07-12 19:11:17 Details
    Invalid Login Attempt 5 2015-07-12 19:08:30 175.156.93.187 admin
    Host or User Lockout 10 2015-07-12 19:08:30 175.156.93.187 Details
    Host or User Lockout 10 2015-07-12 19:08:30 Details
    Invalid Login Attempt 5 2015-07-12 19:03:19 109.182.56.128 admin

    I am having this same problem

      I banned the ip on the site level
      the server level and
      in the fire wall
      deleted the plugin entirely,
      deleted all email ques
      emptied all caches and
      restarted the mail service
      restarted the server

    and still getting 1000’s of emails.

    Did I get hacked or is this a bug.

    Thread Starter tomnoffsinger

    (@tomnoffsinger)

    Gerroald,

    Yes, it was added to the ban list. It looks like it finally stopped when I got the host to ban the IP from the server entirely.

    Yes, it was added to the .htaccess file as well. Our email (which is a different domain, this is a client account) is handled through gmail for business, so I’m not sure where the error logs would be for email, unless it’s some type of outgoing email log you mean for that domain?

    Thanks

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘Run-away site lockout notifications’ is closed to new replies.