username empty attack

  • Resolved laellou

    (@laellou)


    4 months, 1 week ago

    I have a lot of attacks

    “This email was sent from your website “JDG” by the Wordfence plugin at Wednesday 17th of July 2024 at 09:26:25 AM

    A user with IP address 111.90.148.123 has been locked out from signing in or using the password recovery form for the following reason: Exceeded the maximum number of login failures which is: 3. The last username they tried to sign in with was: ”.
    The duration of the lockout is 4 hours.
    User IP: 111.90.148.123
    User hostname: server1.kamon.la
    User location: Kuala Lumpur, Malaysia??

    I have change the login page,

    block the access on my CDN except for France for wp-admin, login.php and account/lost-password and for my login page

    XML-RPC is deactivated

    So I don’t understand how is it possible and how is is possible that ” The last username they tried to sign in with was: ‘’.

    Username is empty ? 

    Could you help me ?

    Best regards,

    The page I need help with: [log in to see the link]

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Support wfpeter

    (@wfpeter)

    Hi @laellou,

    Largely speaking we would say having a large amount of activity attempting to access a WordPress website is a fairly normal occurrence. We generally believe a manual blocking regime is unnecessary, but you can attempt permanent blocks if you’re concerned about site speed or resources. If it’s not really affecting legitimate users and their experience on your site, they may not need to be permanently blocked and you can leave Wordfence to just continue dealing with them in real-time.

    However, in the specific case of why precisely a Malaysian IP is trying to log in when you’ve taken steps to block other countries using a CDN is down to the accuracy or strictness of that setting. Whilst I was unable to access your website from an IP registered in the USA, I was able to access the site from IPs registered in Malaysia, amongst a few others.

    Many thanks,
    Peter.

    Generosus

    (@generosus)

    Hey @laellou,

    As @wfpeter suggested, check your CDN WAF (country blocking) rule to make sure it’s set up properly. Also, keep in mind your CDN could have been temporarily disabled (i.e., in development mode) when that event occured.

    At our end, we’re blocking Malaysia using a Cloudflare WAF rule with no issues.

    Let’s be thankful Wordfence is doing a great job to protect our sites.

    If satisfied with the above, please close this topic as “Resolved.”

    Thank you!

    ———————–

    Note: Please consider upgrading to Wordfence Premium which allows you to block Countries and many other bad actors.

Viewing 2 replies - 1 through 2 (of 2 total)
  • You must be logged in to reply to this topic.