not blocking IP address of illegal Usernames

  • Resolved embraer

    (@embraer)


    7 years, 2 months ago

    I am a paying customer on 2 other sites, and just starting on this one. Perhaps I need to pay to get this service, if so, let me know, and I’ll but the 3rd.

    Currently, I have 3 UN’s that I consider not legal to login with,

    admin
    administrator
    returnflightonwardtravel (name of site)

    ironically, now, I get 100’s of email FAILED LOGIN attempt emails notifications from Succuri every day.

    it’s constantly these 3, and they always come in 2x, so, for example, it will be an attempt for ADMIN, at XX.XX.XX.XX and it’s 2x, from that IP address. This has been going on for a few weeks now, I thought it would slow down as I get the addressed built up.

    It seems like there are some addresses being blocked, but, not from these 3 UN’s. which are my biggest headache

    Is it possible that some of my permissions are not set properly?

    I’ve checked the Diagnostics page on WF, and all seems in the green.

    The page I need help with: [log in to see the link]

Viewing 6 replies - 1 through 6 (of 6 total)

  • Hi @embraer,

    Could you please check the Wordfence -> Firewall page (Brute Force Protection tab) and confirm you’ve enabled the Immediately block the IP of users who try to sign in as these usernames feature — and specified the 3 usernames you mentioned?

    Thread Starter embraer

    (@embraer)

    First off, thanks for responding so quick.. Just another reason to buy another license with you guys.

    I’m on the page, and everything is checked. There is on seperate way that I see of “enabling” that, except to put the names that I mentioned in the List Box, all on seperate lines.

    I’ve also added more names, as a test, and added the 3 again, so, admin, administrator etc, is in there 2x now. seperate lines.

    I wish I could add a screen shot for you.. just so you can verify.

    Hi @embraer,

    I’m not sure I understand…

    Do you mean that you already had the usernames specified in the “Immediately block the IP of users who try to sign in as these usernames” box?

    Or have you just entered them?

    Thread Starter embraer

    (@embraer)

    they have been there the whole time.. and then put them in on another line.. so.. now, I have them in 2x..

    3 sepereate UN.. 2x.. so a total of 6 lines. Just in case.

    Eithere way.. it’s still not blocking the IP addresses

    Thread Starter embraer

    (@embraer)

    HI, sorry to bother with this.. but.. it’s still not fixed.

    Any suggestions, or what me or my dev’s should look into?

    Hi @embraer,

    Sorry about the delayed response.

    Can you check if the IP addresses of users who try to sign in as the aforementioned usernames are actually blocked. You can do so by going to the Live Traffic page and selecting the “Locked Out” traffic filter.

    The behaviour you’re seeing could be caused by the fact that Sucuri’s code is being executed before that of Wordfence, therefore notifications from Sucuri would still be sent regardless of Wordfence firewall’s configuration.

    I suggest you look into the Sucuri plugin configuration on your site.

    • This reply was modified 7 years, 1 month ago by wfyann. Reason: Additional info
Viewing 6 replies - 1 through 6 (of 6 total)
  • The topic ‘not blocking IP address of illegal Usernames’ is closed to new replies.