Resolved kcrawford25

    (@kcrawford25)


    I have a wordpress site that is running the Jetpack plugin. I am self hosting this site. On the Security pane of the site is a Brute Force protection box that indicates 27,377 attacks have been blocked on my site.

    What stats does the plugin use to calculate this number?

    In my nginx configuration, I have enabled ssl_client_certificate checks to protect the wp-login.php. If a client certificate is not passed with the request of the wp-login.php page, a 403 error is returned. Some examples are below.

    77.91.103.6 - - [03/Feb/2023:13:38:27 +0000] "GET /wp-login.php HTTP/1.1" 403 571 "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.85 Safari/537.36 OPR/32.0.1948.45"
    185.225.17.125 - - [03/Feb/2023:13:42:09 +0000] "GET /wp-login.php HTTP/1.1" 403 571 "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.85 Safari/537.36 OPR/32.0.1948.45"
    185.225.17.125 - - [03/Feb/2023:13:42:10 +0000] "GET /wp-login.php HTTP/1.1" 403 571 "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.85 Safari/537.36 OPR/32.0.1948.45"
    185.225.17.125 - - [03/Feb/2023:13:42:12 +0000] "GET /wp-login.php HTTP/1.1" 403 571 "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.85 Safari/537.36 OPR/32.0.1948.45"
Viewing 5 replies - 1 through 5 (of 5 total)
    Plugin Support lastsplash (a11n)

    (@lastsplash)

    Hi @kcrawford25

    This number is the number of attacks that we have logged on our end. These could include attacks against wp-login.php and over XML-RPC. We only log the number of attacks, not details about them.

    Thread Starter kcrawford25

    (@kcrawford25)

    In addition to requiring a client certificate to access the wp-login.php, I also have the following configuration in nginx to prevent access to xml-rpc:

    location ~* /xmlrpc.php$ {
        deny all;
    }

    Looking at the number in the Brute Force Protection card today, it is up to 28,287 attempts blocked which is 910 more attempts than 4 days and 3 hours ago. This seems wildly inaccurate given the traffic this small site receives.
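The two rules the thread starter describes (client-certificate gating of wp-login.php, `deny all` on xmlrpc.php) in one complete nginx server block, as an added example that is not the poster's actual configuration. The hostname, certificate paths, web root and php-fpm socket are assumptions; the `ssl_verify_client optional` setting and the `$ssl_client_verify` check are the standard nginx mechanism for requiring a client certificate on one location while leaving the rest of the site public.

```nginx
# Added example, not the thread starter's real config. Hostname, paths and the
# php-fpm socket are assumptions; adjust them for your install.
server {
    listen 443 ssl;
    server_name example.com;
    root /var/www/html;
    index index.php;

    ssl_certificate     /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;

    # CA that issued the admin's client certificates. "optional" asks every
    # client for a certificate but lets the TLS handshake succeed without one,
    # so public pages stay reachable. "on" would reject every visitor who has
    # no certificate before any location block is consulted.
    ssl_client_certificate /etc/nginx/client-ca.pem;
    ssl_verify_client optional;

    # Login page: serve it only when a certificate chained to client-ca.pem was
    # presented and verified. $ssl_client_verify is NONE when no certificate
    # was sent and FAILED:<reason> when one was sent but did not verify; both
    # get a 403 from nginx and never reach PHP. (return inside if is one of the
    # forms nginx documents as safe.)
    location = /wp-login.php {
        if ($ssl_client_verify != SUCCESS) {
            return 403;
        }
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_pass unix:/run/php/php-fpm.sock;
    }

    # XML-RPC: the rule from the thread. deny all answers with 403.
    location ~* /xmlrpc.php$ {
        deny all;
    }

    location / {
        try_files $uri $uri/ /index.php?$args;
    }

    # Every other PHP file. The exact-match block above wins for wp-login.php,
    # and the xmlrpc.php regex is listed first so it wins over this one.
    location ~ \.php$ {
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_pass unix:/run/php/php-fpm.sock;
    }
}
```

Check it with `nginx -t` and then from outside: `curl -sk -o /dev/null -w '%{http_code}\n' https://example.com/wp-login.php` should print 403, and the same request with `--cert admin.pem --key admin.key` (a certificate issued by client-ca.pem) should print 200. Because the 403 is produced by `return` inside the location, those requests are never passed to php-fpm, so nothing on the WordPress side, plugins included, runs for them; the nginx access log is the only record of those attempts.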

    Plugin Support lastsplash (a11n)

    (@lastsplash)

    Hi @kcrawford25

    I’m checking with our development team for more insight on this. We’ll let you know what we find out as soon as we hear from them.

    Thread Starter kcrawford25

    (@kcrawford25)

    Thanks for the update. For now I have disabled Brute Force Detection and plan to analyze the nginx logs.
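One way to do the nginx log analysis the thread starter mentions, as an added example that is not part of the original thread. It parses the default `combined` log format, counts the 403s that the client-certificate and `deny all` rules produce on /wp-login.php and /xmlrpc.php, breaks them down by source IP, path and day, and flags sources that hit the guarded endpoints in bursts. The sample log lines are constructed (RFC 5737 documentation addresses), not taken from the site; the `GUARDED_PATHS` list and the burst threshold are assumptions.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# nginx "combined" format:
# $remote_addr - $remote_user [$time_local] "$request" $status $body_bytes_sent
#   "$http_referer" "$http_user_agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<bytes>\d+|-) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Endpoints that nginx blocks on this site (assumption: client cert on
# wp-login.php, deny all on xmlrpc.php), so a 403 there is a blocked attempt.
GUARDED_PATHS = ("/wp-login.php", "/xmlrpc.php")

# Constructed sample, not real traffic. RFC 5737 documentation addresses.
SAMPLE_LOG = """\
192.0.2.10 - - [03/Feb/2023:13:38:27 +0000] "GET /wp-login.php HTTP/1.1" 403 571 "-" "Mozilla/5.0"
198.51.100.7 - - [03/Feb/2023:13:42:09 +0000] "GET /wp-login.php HTTP/1.1" 403 571 "-" "Mozilla/5.0"
198.51.100.7 - - [03/Feb/2023:13:42:10 +0000] "GET /wp-login.php?redirect_to=%2Fwp-admin%2F HTTP/1.1" 403 571 "-" "Mozilla/5.0"
198.51.100.7 - - [03/Feb/2023:13:42:12 +0000] "POST /xmlrpc.php HTTP/1.1" 403 571 "-" "Mozilla/5.0"
203.0.113.5 - - [04/Feb/2023:02:15:00 +0000] "GET /index.php HTTP/1.1" 200 8123 "-" "Mozilla/5.0"
203.0.113.5 - - [04/Feb/2023:02:15:01 +0000] "GET /wp-login.php HTTP/1.1" 403 571 "-" "Mozilla/5.0"
this line is not in combined format
"""


def parse_line(line):
    """Parse one combined-format line; return None for lines that do not match."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["time"] = datetime.strptime(rec["time"], "%d/%b/%Y:%H:%M:%S %z")
    rec["status"] = int(rec["status"])
    # Drop the query string so /wp-login.php?redirect_to=... groups with /wp-login.php
    rec["path"] = rec["path"].split("?", 1)[0]
    return rec


def blocked_events(lines):
    """Yield parsed records for 403 responses on the guarded endpoints."""
    for line in lines:
        rec = parse_line(line)
        if rec and rec["status"] == 403 and rec["path"] in GUARDED_PATHS:
            yield rec


def summarize(lines):
    """Count blocked attempts by source IP, by endpoint and by UTC day."""
    by_ip, by_path, by_day = Counter(), Counter(), Counter()
    for rec in blocked_events(lines):
        by_ip[rec["ip"]] += 1
        by_path[rec["path"]] += 1
        by_day[rec["time"].date().isoformat()] += 1
    return {"total": sum(by_path.values()), "by_ip": by_ip,
            "by_path": by_path, "by_day": by_day}


def burst_sources(lines, window_seconds=60, threshold=3):
    """IPs with at least `threshold` blocked attempts inside any `window_seconds` span."""
    hits = defaultdict(list)
    for rec in blocked_events(lines):
        hits[rec["ip"]].append(rec["time"])
    bursty = set()
    for ip, times in hits.items():
        times.sort()
        start = 0
        for end in range(len(times)):          # sliding window over sorted timestamps
            while (times[end] - times[start]).total_seconds() > window_seconds:
                start += 1
            if end - start + 1 >= threshold:
                bursty.add(ip)
                break
    return sorted(bursty)


if __name__ == "__main__":
    lines = SAMPLE_LOG.splitlines()
    s = summarize(lines)
    print(f"blocked attempts on guarded endpoints: {s['total']}")
    for ip, n in s["by_ip"].most_common():
        print(f"  {ip:<16} {n}")
    print("per path:", dict(s["by_path"]))
    print("per day: ", dict(s["by_day"]))
    print("bursty sources:", burst_sources(lines))
```

To run it against the real log, pass the file object instead of the sample: `summarize(open("/var/log/nginx/access.log"))`. The per-day counts are the number to set against the plugin's card (the thread starter's 910 over roughly four days); anything nginx answered with 403 here never reached PHP, so it is only countable from this log.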

    Plugin Contributor Cena (a11n)

    (@cena)

    Hi @kcrawford25 ,

    Some additional information for you!

    These stats specifically relate to blocked login attempts – when the login screen is loaded we first make a request to Protect to check the status of the current IP. If data is found, the API response should supply us detail on how to present the login (show a math auth, or a hard blocked notice). If the attempt subsequently fails, I believe that is where we log stats. At least at this point, I am not entirely aware of any other measures Brute force verifies that would add to this count.

    In this case, it’s possible the custom rules you have in place might be interfering with the process in some way since it seems like they already deny access to the login unless certain parameters are met. It could be that, or the site could actually be under attack and Brute force is just doing its job.

    Without more information it’s hard to offer a clear answer and even with more information I am not sure we could offer a more certain answer.

    I hope that helps!

    Best,

    Cena

The topic ‘Brute-force protection stats’ is closed to new replies.