problem protection attack brute force

  • Resolved HDcms

    (@hdcms)


    5 years, 2 months ago

    HI,
    I have been using your extension for some time.
    I changed wp-admin to fight “brute force attack”
    “Your WordPress login URL has been renamed.
    Your new login URL is: xxxxx ”

    Despite this, there are some pirates who try
    “A lock event occurred because of an invalid user name or an excessive number of unsuccessful login attempts:
    Username: yyy
    IP Address: 197.232.36.60 ”
    yyy is a good username.
    How do they then that / wp-admin / is not available.

    Regards

Viewing 10 replies - 1 through 10 (of 10 total)
  • Plugin Contributor mbrsolution

    (@mbrsolution)

    Hi,

    They might be targeting the following file xmlrpc.php. This file can be found in the WordPress root directory of your website installation. Enabling one of the following features will help you even further.

    Completely Block Access To XMLRPC:
    Disable Pinback Functionality From XMLRPC:

    Kind regards

    Thread Starter HDcms

    (@hdcms)

    Hi,
    Thank you for your answer on this extension already interesting
    I already configured these 2 parameters:
    * Completely Block Access To XMLRPC:
    * Disable Pinback Functionality From XMLRPC:
    but that does not stop them from trying!
    Is there another idea?
    or is it possible to automatically blacklist the ip address if more than 5 trials
    Regards

    Plugin Contributor mbrsolution

    (@mbrsolution)

    Hi,

    I already configured these 2 parameters:
    * Completely Block Access To XMLRPC:
    * Disable Pinback Functionality From XMLRPC:

    You should only activate one option and not both.

    Try the following test. Activate the following feature Completely Block Access To XMLRPC:, then use a different browser or log out.

    What happens when you type the following in your browser?

    yoursite.com/xmlrpc.php

    What do you see?

    Thank you

    Thread Starter HDcms

    (@hdcms)

    Hello,
    Before deactivating the 2nd box, I have the display in Firefox
    “XML-RPC server accepts POST requests only”

    Then under Chrome, I left checked: “Completely Block Access To XMLRPC:”
    I go on firefox, I have the message “404 The page can not be found.”

    I feel like it’s good?

    Regards

    Plugin Contributor mbrsolution

    (@mbrsolution)

    Hi,

    I feel like it’s good?

    Yes that is good. It means those features are working correctly.

    There must be something in your site that they are targeting. Or maybe one of your other plugin is causing this.

    You should really speak to your host support team. Find out why this is happening. If you know what country they are coming from, you could also block that country. This can also help.

    I am also curious to know.

    Kind regards

    Thread Starter HDcms

    (@hdcms)

    Hi,
    Thank you very much and I tell everyone.
    I have not seen the country where the attacks come from?
    Regards

    Plugin Contributor mbrsolution

    (@mbrsolution)

    Hi,

    I have not seen the country where the attacks come from?

    You might be able to do an online trace through one of the free online tools available.

    Regards

    bonjour,

    j’ai le même problème depuis quelques semaines avec plusieurs sites. Des pirates arrivent à avoir accès à la page admin même en ayant mis des mots de passes complexes, activer brut force et complètement bloquer l’accès à XMLRPC. Y’a t-il un bug au niveau du plugin?

    Thread Starter HDcms

    (@hdcms)

    Bonjour,
    Non pas de bug. Il ya plusieurs moyens de se connecter. Pour moi cela a été résolu en appliquant ce qu’il dit

    Plugin Contributor mbrsolution

    (@mbrsolution)

    @hdcms, is your issue resolved? If it is you might like to close this support thread.

    Thank you

Viewing 10 replies - 1 through 10 (of 10 total)
  • The topic ‘problem protection attack brute force’ is closed to new replies.