iThemeS Security blocks me out even with IP white listed

I would check your htaccess file and see if your listed there. It looks like your username may be banned. You could search the itsec tables and delete any rows where you see your username and ip.

Hi,

thanks for your suggestion, I will surely do that in the next emergency. For the last occasion, it was auto-solved after the hours of “being banned” passed.

But now the doubt stays, how could this happen if:

1) I have whitelisted my IP address
2) The alert message of “coming back in few hours” was shown even from different dynamic IP devices tested through a cross browser simulator which uses machines in USA (I am in Europe). Those IP never tryed to log in that website before! This is strange.

It seems like they have found a critical point to let iThemeSec go “crazy” and block eveybody and everything..

I’ve had a similar situation. The solution should be to give IP whitelisting overriding priority over user banning, me thinks.

Hi,

the solution thought by @galbaras sounds good!

Has anyone an idea on how to implement it?

But the point maybe I dind’t explain so well is that it seems a bug because the website becomes:

• blocked from every device and every IP address,
• even from new IP visitors,
• even before entering the username (so it is not the user banning feature)

@snap-shot

By default the iTSec plugin locks a user or IP out temporarily for 15 minutes.
Did you modify any of the default (lockout) settings ?

Also “Too many faileed login, try again in the next 8 hours” is not a default iTSec plugin message. Did you change it (which is possible) ?

If not, is there any other active plugin that may be at work here ?

Hi,

I have changed:
– Lockout Period: 60 minutes
– Community Lockout Message: I have put a general error message not realting to security

There is no other security related plugin or concerning with users management..

@snap-shot

Ok, so where is that “Too many faileed login, try again in the next 8 hours” message coming from ? It’s not a default iTSec plugin message …

Well, probably I remember that I had changed the time after the last problem happened (that should have been 480 min) and probably the messaage also.
What other details can I provide?
Is the only chance wait for the issue to happen again?

If you get your password wrong a few times in a row, you should get locked out. You can play with the attempt number and the lockout period when you test and pick a time when you don’t actually need to do anything on the site.

Thank you Gal Baras,

anyway I have never enterd a wrong password. The case is different, to be more clear for everyone who reads this thread, I riassume the problem to be solved.

1. Somebody was trying to brute force the website (the iThemeSec Log showed many attempts)
2. My IP address was already whitelisted, but I could neither access and got the locked out message
3. The “locked out message” of “coming back in few hours” was shown even from different PC and dynamic IP devices tested through a cross browser simulator which uses machines in USA (I am in Europe). Those PCs had never tryed to log in that website before! This is strange.

It seems like the hacker has found a critical point to let iThemeSec go “crazy” and block eveybody from every devices in the world.

Any idea from the Plugin Support?

This problem occurred two times during the past 3 months.

You may not have entered the wrong password, but someone else might have done it.

Try testing it as above.