Receiving database error regarding login lockdown

Hi simco one of the plugin developers will investigate this issue for you further.

In regards to your other two question in different support threads, are they related to this one or are they separate issues?

Regards

They are related only in the fact that the error message I posted here is the failed attempts at logging the repeated failed login attempts into the database. This could result in the inability of the plugin to actually block further repeated attempts from the same IP’s.

I’ll look forward to hearing from the developer(s). Thanks!

Hi sinco, one question. Have you enabled the Rename Login Page Settings or the Cookie Based Brute Force Login Prevention under Brute Force?

Yes, just the rename login page is enabled.

This is the reason I posted in the other threads, the question is ‘how are they finding the login page in order to conduct these brute force attacks’. The other posts were related to that same issue/topic so I posted my issues there as well

When did this issue start to occur?

Hard to say, actually. I deleted the old error_log without looking at it because it was about 2.6mb’s and thought it was just dead weight. That was about 2 days ago. Then, I noticed the new error_log was about 240k in just 2 days so decided to investigate and noticed the error. I’m assuming this has been occurring since the plugin was installed initially.

Okay thank you. You also mentioned in the other post that you have had too many login attempts?

Do you have any other security plugins installed? Do you have a cache plugin installed?

No other security plugins are installed. Nor is there any caching plugins installed.

Regarding the login attempts, I think what I was trying to say is that we are currently receiving notices via AIO stating a site lockout was imposed due to someone attempting to log in under an unregistered name (admin). Here’s an example of one just received in the last hour:

A lockdown event has occurred due to too many failed login attempts or invalid username:
Username: admin
IP Address: 182.160.155.72

IP Range: 182.160.155.*

Log into your site’s WordPress administration panel to see the duration of the lockout or to unlock the user.

Over the past 48 hours I have received about 150+ of these all pointing to different IP addresses but all trying to log in under ‘admin’ username which doesn’t exist. It’s obviously some ‘bot’ or automated program making the attempts. But the question remains as to how they found the hidden login page.

Hi are all the IP addresses in the same range or are they totally different?

Totally different. Basically from all over the world and obviously using proxy servers. The last two were from the U.S. and Japan. The one before that was from France.

Okay, the strange thing here is that I am using this plugin on all my websites and I don’t have this problem.

I have the following enabled…

1) WordPress Pingback Vulnerability Protection
2) Enable Rename Login Page Feature:

Plus some more options of course.

@simco,
The error obviously seems to indicate that
Can you login to PHPMyAdmin and check if the “xx_2_aiowps_login_lockdown” table is actually there?
If you have other subsites within this multisite installation also check if they have their own “xx_aiowps_login_lockdown” table too.

Hi, I’m experiencing the same issue and can confirm that none of the aiowps database tables are actually there (aside from within the options table). Nor are they being rewritten when deactivating/rectivating – deleting/reinstalling the plugin. I’m also getting errors for –

aiowps_login_activity’ doesn’t exist
aiowps_events’ doesn’t exist

I’m also getting the following message about the db cleanup cron job – could this be telling?

AIOWPSecurity_Cronjob_Handler->aiowps_daily_cron_event_handler, do_action(‘aiowps_perform_db_cleanup_tasks’), call_user_func_array, AIOWPSecurity_Backup->aiowps_scheduled_db_cleanup_handler, AIOWPSecurity_Utility::cleanup_table

I have had this issue with an ever increasing error_log since migrating from a local install, but I have to say other builds have been fine. I’m wondering if I manually deleted the tables at some point accidentally – but this seems unlikely as I can’t find a backup with complete tables in it, so can’t identify when that may have happened – I love the plugin, so do my clients – please help!

Hi @root Creations can you start a new support thread.

Thank you