SCARY! Limit Login Attempts lockout bypassed?
-
Hi there!
Yesterday I got brute force attacks on my site and although I had “Limit Login Attempts” (v1.6.2) activated, the same IP could go on trying login (?)
I got mail alerts, telling me the IP number was locked out but it seems the guy (bot?) could go on immediately trying from the same IP just ignoring the plugin (?)All the mails below arrived with and at the same time.
Even if it was my mail server did not do the job, how can emails still keep on coming when the IP is supposed to be locked out twice for 6 hours? Please see below:***********************************
3 failed login attempts (1 lockout(s)) from IP: 94.73.238.234
Last user attempted: admin
IP was blocked for 45 minutes
—————————–
6 failed login attempts (2 lockout(s)) from IP: 94.73.238.234
Last user attempted: admin
IP was blocked for 6 hours
—————————–
3 failed login attempts (1 lockout(s)) from IP: 94.73.238.234
Last user attempted: admin
IP was blocked for 45 minutes
—————————–
6 failed login attempts (2 lockout(s)) from IP: 94.73.238.234
Last user attempted: admin
IP was blocked for 6 hours
—————————–ALL THE MAILS ABOVE ARRIVED IN MY MAILBOX AT THE SAME TIME WITH SAME DATE AND HOUR.
So if Limit Login Attempts worked, how can that happened?
There should have been more than 12 hours in between the first and last lockout(!)I use WP 3.2.1 and just updated LLA plugin from v1.6.2 to v1.7.0.
I of course finally excluded the concerned IP with others in my HTACCESS file but I am wondering now if Limit Login Attempts plugin can be bypassed by some shady technique?What if the guy (bot) retry again tonight from another IP? Can this finally damage my database?
THANK YOU for your help and concern!
Jamy
https://www.ads-software.com/extend/plugins/limit-login-attempts/
- The topic ‘SCARY! Limit Login Attempts lockout bypassed?’ is closed to new replies.