AIOS doesn’t send notifications

Hi,

What notification emails are you expecting that you are not getting?

Do general emails from your site work for example the password reset email?

Best Wishes,

Ashley

Hi. Sorry for a very late reply to your comment. I have a server in a hosting company. Server is poorly secured on the hosting company side. On the server there are few domains with WordPress installations. Someone broke the server and damaged WP sites. On one website attacker deleted AIOS plugin. I repaired the sites, cleaned from viruses and moved to another hosting company. On another site I checked server sending e-mail capabilities with PHP mail through FluentSMTP plugin. It works. I also got notification to mail from AIOS about files change (cron task). But notifications don’t work for failed logins. I have set few login names for instant lock out – <https://i.imgur.com/Anj9T5h.png>, but when on the failed logins list is login name which is not on the User Security the AIOS does not notify me – <https://i.imgur.com/swyM03j.png> Generally speaking I don’t have any notifications on mail about login lockouts.

Hi @krozycki

Ok, I can see you have notify by email fro login lockout enabled. and if some one tried invalid login attempts and locked out it should sent you email. It is done with cronjob. If you are receiving the file chage emails than it should not be issue of cronjob also

Can you please cross check your email spam do not have those loging lockout notification email.

I will also create intenral ticket here to try replicate issue.

Regards

Hello, @hjogiupdraftplus

Yes. Notification about modifying files somehow worked. But notifications about login lockout don’t work. I didn’t make any changes in configuration in AIOS. I have hardened set of rules. Maybe attacker destroyed some files in AIOS plugin, but notifications don’t work even I reinstall plugin from ZIP file from www.remarpro.com site and use plugin data from WP database.

I would notice if notifications messages were in spam folder. I set Google Mail for notifications which I mostly use in web browser.

Hi @krozycki

can you please uncheck the Enable php backtrace in email and cross check ?

https://snipboard.io/iOLRjt.jpg

Please enable debug log in wp-config.php setting below if any error log logged.

define( 'WP_DEBUG', true ); 

Also Please install WP Control. Email logging plugin where you can run the cron events. try run aios_15_minutes_cron_event and cross check if it sends (logs) email or not or have any error logged.

Regards

Hello, @hjogiupdraftplus

I turned off PHP backtrace in e-mail in WP Security Dashboard – User Security / Login lockout.

WP_DEBUG true I have always set to true in wp-config.php

WP Crontrol (not Control) plugin I have installed. Cron event: aios_15_minutes_cron_event works but I does nothing.

I don’t have any new logs in Fluent SMTP plugin, which gathers all logs regarding to e-mails sending.

Hi @krozycki

Did you have done login lockout events in beween ?

If you have login lockout any record then only it will send mail.

If there is login lockout events inbetewen there should be some error.

Regards

Hello, @hjogiupdraftplus

I’ve check the plugin on other hosting server with WordPress installation. There are many failed login attempts on that WP instance every day (dozens or even hundreds). I checked via Fluent SMTP e-mail sending the new e-mail address I’ve added and aios_15_minutes_cron_event – event works but with no result. It’s sad but I’m seriously considering switching to another plugin (e.g. Sucuri or something similar), because in situation when I need to be urgent notified It does not fulfill its intended function. To me AIOS plugin is broken.

Hi @krozycki

failed login attempts is not only due to login page it might be alos due to xml rpc call of getUserBlogs.

If you will cross check the WP Security > Dashbaord > Audit logs – stack trace and if that is the case disable xml rpc from WP security > Firewall > Basic firewall rules.

Regards

Hello, @hjogiupdraftplus

A week ago I received an e-mail with a collective list of incorrect login attempts, containing several hundred entries. They were from January 2nd to January 18th.

Hi @krozycki,

Can you please cross-check the audit logs stack trace is it regarding the getUserBlogs ?

WP Security > Dashbaord > Audit logs

Regards

Hello. I don’t know how to do that. What is this with “getUserBlogs”about?

Hi @krozycki,

wp_getUsersBlogs is xml-rpc call which calls the authenticate hook and have failed login attempt.

Below is the details of the stack trace you should find for failed logins.

WP security > Firewall > PHP rules have Completely block access to XMLRPC: and Dissable Pingback option pelase enable it as you have incorrect login attempts

["file"] => string(76) "/home/xxxxxxxxxxxxxxxxxxxx/wp-includes/IXR/class-IXR-server.php" 

["line"] => int(109) ["function"]=> string(16) "wp_getUsersBlogs"

https://snipboard.io/fgUc9i.jpg