Repeatedly locking me out

Have you double checked that your public ip address is what you think it is? You can use whatismyip.com. If that doesn’t show the same as what is being locked out, try going to a non-existent page on your site, then download and search the traffic logs for that page, see what ip address was recorded when you hit it. Please let me know what you find when you check those things.

-Michael

Michael, using the link you provided, I got my IPv4 address and it starts with 98. The IP being blocked always starts with 62. I looked at my traffic logs prior to my going to a non-existent page and that IP is most definitely attacking my site. High hit numbers.

When I do visit any page on my site, or log in, it registers my IPv6 IP.

Do you think that one IP that it’s locking out is hitting so hard that the plugin is just locking the site down entirely for log ins?

I’m going to block that IP and see if that helps too.

My plugin would not do that. If you have other security plugins they might, but then I wouldn’t expect renaming Login LockDown to let you back in. It could be an issue with the way I check the ranges on IPv6 addresses, is it a 4 or 6 that is triggering the lockouts?

-Michael

The only other plugin I have on this site that might be checking anything similar is GM Block Bots. But, I’ve been having this issue with LL on sites well before adding that plugin, and have same issue on client sites. Seems to run in spurts. But, I haven’t dug into it like this before.

The 62 IP is IPv4. And renaming LL always lets me log in.

I did a reverse look up on that IP and it is blacklisted, but only on one list. Usually I find bad bots on multiple lists, so perhaps this is a new IP for a hacker.

Like I said, my IPv4 starts with 98, so hard to see how that would be even close to the same range, but then, not sure how you translate from IPv6, which is what it registers in the logs.

I tried several other “what’s my ip” sites. They all show the same IPv4. The only place I’ve seen my IPv6 is in a Google Knowledge Graph type box. Doesn’t show where it’s pulling that info from like regular KG boxes.

If you wouldn’t mind helping debug this I would appreciate it, assuming you have a moment to do so. If you create a small script named myip.php with this code it in:

<?php

$ip = $_SERVER['REMOTE_ADDR'];

echo $ip;

Upload and then visit it, it will let us know what php is seeing as your ip. Then if you could, please check the wp_login_fails (replacing wp_ with whatever your actual db prefix is) using phpmyadmin, and let me know if you see it in the entries anywhere. This query will show the most recent fails:

select * from wp_login_fails order by login_attempt_ID desc limit 75;

Edit: Also, please let me know if you see any empty entries in the database, as that could be an issue as well.

-Michael

Happy to help. And FYI, I had blocked that IP address about an hour ago and did not have issues logging in. Not saying that blocking is why I could log in, just saying the order I did things. I didn’t attempt to login prior to blocking. And I did that blocking via cPanel.

I created that script file and visited. It displayed my IPv6 correctly.

Went to the database and ran the query. All the ones returned were the IP starting with 62. I also looked at the times and dates. They stopped from that IP yesterday, just before 1:00 am. According to the times, definitely a rapid fire attempt.

So, as long as I can log in, I don’t think I’ll be able to help troubleshoot further. But, will keep this thread marked. As I said, happens to other sites on occasion, and now know more about what to look for.

Ok, thanks for helping look into it. Still not entirely sure why you were getting blocked but at least now you can get in. Please feel free to update if it happens again.

-Michael

Michael, wanted to let you know that since I manually blocked that other IP address that was hammering the site, I haven’t had any more trouble with being locked out.

But, did have the same situation on another client’s site. Once we blocked the offending IP, she no longer had trouble being locked out. And the IP addresses for both IPv4 and IPv6 were very different, just as they were on my site.

So, definitely something that the plugin is triggering on, but hard to say what. Thing is, if it’s just getting overwhelmed and locking everyone out, maybe that’s not such a bad bug ??