Suspicious user logins in sessions

  • Resolved Dave Gaskin

    (@peakwebsites)


    4 years ago

    Hey,

    I’m pretty new to WP Cerber and web security but I installed WP Cerber in the main install of a multisite network. It’s only 3 sites in total. I was logged into today to the network admin account where the plugins installed and when I checked the ‘Sessions’ tab in the dashboard I noticed a couple of spammy looking log-ins:

    https://drive.google.com/file/d/1MxQVFzLqlj7P3E7BKHdccRR6BIYhbM5X/view?usp=sharing

    In case the like doesn’t work, both logins had the same username bbbbbb bbbbbb, they were logged-in a day apart, and the both the IP and host info were different for each.

    Where is this login activity coming from? Is this an issue with my hosting provider? Something else? Did WP Cerber not catch them? There are only 5 sessions in total in the sessions log. The other 3 were from me. Is my site in trouble?

Viewing 5 replies - 1 through 5 (of 5 total)
  • Plugin Author gioni

    (@gioni)

    Hi! You need to check Cerber’s Traffic and Activity logs for requests from those IP addresses to get an idea of what’s going on. WordPress sessions can be easily created programmatically, e.g., by a plugin.

    Thread Starter Dave Gaskin

    (@peakwebsites)

    Okay, I looked at the Activity and Traffic and it appears like these two IP’s were attempting to do some malicious stuff.

    https://drive.google.com/file/d/1jF265gVVqxgqdCfZr86Pk8a28BkNPv2K/view?usp=sharing

    I guess my question is, what do I do from here? Are they already in the system? It says they’re Local users? Do I need to take action?

    Plugin Author gioni

    (@gioni)

    Yes, you’ve got a new user. I personally would delete this account.

    Thread Starter Dave Gaskin

    (@peakwebsites)

    Okay, but isn’t your plugin supposed to prevent users like this from being able to “register”? What am I doing wrong?

    Plugin Author gioni

    (@gioni)

    There are many ways to get users registered. In your case, it’s the checkout page. WP Cerber doesn’t prevent a user from being registered per se. It can stop bots from being registered (if the anti-spam enabled), not a human with a strange name or bad intentions in mind.

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘Suspicious user logins in sessions’ is closed to new replies.