Error inserting record into wp_aiowps_login_lockdown

Hi @mgiordan

It seems some thing issue when inserting record in login lockdown table.

Which AIOS version do you use ?

Can you please cross check wp_aiowps_login_lockdown table do not have any field missing for example ip_lookup_result recently added.

Below image have all fileds for that table please cross check. If it is ok can you send that database query ?

https://snipboard.io/fNcmJE.jpg

Regards

Hi,

Thanks for the reply
The version of AIOS is 5.2.5.
The table contains all the fields that are indicated in the screenshot you posted, as well as the same field type characteristics, including the ip_lookup_result.
How can I make the query you ask me?
Thank you

Hi,

If you set WP_DEBUG and WP_DEBUG_DISPLAY to true in wp-config.php it should show you the database error

you should try invlaid login attempts to get insert in to login lockout, but it might make you lockout.

You can add the disable login lockout contstant below in wp-config.pohp if you are locked and remove your IP from WP Security > Dashboard > Locked IP address list.

defined('AIOS_DISABLE_LOGIN_LOCKOUT', true);

I followed the advice. I enabled debugging but found no errors related to the database insertion problem.

By attempting access from some IPs that I have available, using the login pages, the system works correctly and blocks the IP if the number of attempts is exceeded or if a username from the blacklist is used.

Looking at the log files I noticed that the problem occurs with access attempts via XMLRPC.

I simulated logins with XMLRPC with username in the backlist and logins with repeated password errors and the security system does not work. Attempts are reported in the audit log but are not recorded in the database and are therefore not blocked.

Here are some examples of audit log and debug log records:

audit log: 2024-01-11 10:11:31 warning admin 104.129.46.83 Failed login Failed login attempt with an unknown username: admin Show trace
debug log: 2024-01-11 10:11:31 FAILURE Error inserting record into wp_aiowps_login_lockdown debug

audit log: 2024-01-16 15:09:10 warning admin 103.166.153.0 Failed login Failed login attempt with an unknown username: admin Show trace
debug log: 2024-01-16 15:09:10 FAILURE Error inserting record into wp_aiowps_login_lockdown debug

audit log: 2024-01-16 03:56:29 warning andresviva 89.187.163.216 Failed login Failed login attempt with an unknown username: andresviva Show trace
debug log: 2024-01-16 03:56:29 FAILURE Error inserting record into wp_aiowps_login_lockdown debug

This last example, from IP 89.187.163.216, over 830 consecutive access attempts were made via XMLRCP, without the IP being blocked.

I disabled XMLRPC access and so far the problem seems to be resolved.

AIOS not working with XMLRPC logins?

Thanks to the availability

Hi,

If there is error in insert in database might be php back trace have some issue. If possible try disable it.

XML RPC if getUserBlogs try login and AIOS will consider failed login. If failed login from the same IP it should login lockdonwn also but you have the error might be due to that it do not lockout.

I will create an internal ticket to check this in more details.

Regards

Hi

Thanks for the reply

At the moment with XML RPC disabled it seems to work normally.

I tested by creating a new installation of wordpress, on the same hosting server, using the default theme without loading any articles, any media or any pages, any plugins other than AIOS and the problem is the same.

If I have the chance I will try another hosting service.

Thank you