whitelisted-host-triggered-host-lockout

  • Resolved fullermetric

    (@fullermetric)


    2 years, 3 months ago

    I believe the update to I-Themes Security Pro Version 7.2.3 |may be the cause of the pain I am experiencing today being the site admin and getting forceably logged out. Our i/p is whitelisted. The Raw details of the event log file show this: (yes, I changed our i/p address for this forum.)

    Why does it think I am making multiple attempts when all I am doing is site administration and not logging in over and over again.

    id               => 112449
module           => lockout
type             => notice
code             => whitelisted-host-triggered-host-lockout
timestamp        => 2022-11-18 22:44:22
init_timestamp   => 2022-11-18 22:44:22
remote_ip        => 184.xxx.xxx.xxx
user_id          => 3
url              => https://volkelstore.com/wp-login.php?interim-login=1&wp_lang=en_US
memory_current   => 32184728
memory_peak      => 32676152
data             => Array
    module               => brute_force
    host                 => 184.xxx.xxx.xxx
    user_id              => [boolean] false
    username             => [boolean] false
    module_details       => Array
        type     => brute_force
        reason   => too many bad login attempts
        label    => Brute Force
        host     => [integer] 3
        user     => [integer] 3
        period   => [integer] 5
    whitelisted          => [boolean] true
    blacklisted          => [boolean] false
    lockout_type         => brute_force
    lockout_start        => 2022-11-18 14:44:22
    lockout_start_gmt    => 2022-11-18 22:44:22
    lockout_context      => O:40:"iThemesSecurity\Lib\Lockout\Host_Context":5:{s:46:"iThemesSecurity\Lib\Lockout\Host_Contexthost";s:12:"184.xxx.xxx.xxx";s:55:"iThemesSecurity\Lib\Lockout\Host_Contextlogin_user_id";N;s:56:"iThemesSecurity\Lib\Lockout\Host_Contextlogin_username";N;s:62:"iThemesSecurity\Lib\Lockout\Host_Contextuser_limit_triggered";b:0;s:51:"iThemesSecurity\Lib\Lockout\Contextlockout_module";s:11:"brute_force";}
    lockout_expire       => 1970-01-01 00:00:01
    lockout_expire_gmt   => 1970-01-01 00:00:01
    lockout_host         => 184.xxx.xxx.xxx
Viewing 5 replies - 1 through 5 (of 5 total)

  • Hi @fullermetric,

    The logged URL indicates the lockout occurred on a failed interim login attempt.

    In theory a single failing interim login attempt can trigger a lockout (when it completes the threshold). But since your IP is added to the authorized hosts list it should not actually lock you out.

    So perhaps you are mixing up an iTSec plugin lockout with a regular WordPress expired session (which triggers the WordPress interim login dialog box to be displayed on screen) ?

    Or are you actually being redirected to the iTSec lockout page?

    +++++ To prevent any confusion, I’m not iThemes +++++

    Thread Starter fullermetric

    (@fullermetric)

    Did some further toubleshooting and I am getting the same problem with Ithemes disabled so I don’t think the plugin update is the problem. I am getting logged out consistently after 15 minutes after logging in successully.

    The other security plugin we use is WP Cerber shows that /wp-admin/admin-ajax.php was invoked 15 minutes after logging in with the message Login failed Invalid Cookies cleared.

    When I get this figured out I will be sure to post the answer.

    Thread Starter fullermetric

    (@fullermetric)

    Found the problem… This turned out to be a role based setting under WP Cerber plugin.
    Someone had set the user expiration time to 15 minutes for Administrator roles. Glad this is resolved.

    @fullermetric

    Ah ok. Thank you for letting us (the community) know.
    Kindly mark this topic as ‘resolved’.

    Thread Starter fullermetric

    (@fullermetric)

    Resolved.

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘whitelisted-host-triggered-host-lockout’ is closed to new replies.