Forum Replies Created

Viewing 15 replies - 1 through 15 (of 19 total)
  • OK, I can usually get back into my admin panel by renaming or deleting the plug-in. But today I’m getting a white screen when I try to get into my admin panel and Away Mode shouldn’t be active.

    To make matters worse, I’ve renamed to override the plug-in, as usual, and I still can’t get into my admin panel. Further, I can’t find “your_db_itsec_lockouts”, “your_db_itsec_log”, “your_db_itsec_temp” to delete them. I’m in my database using Cyberduck and searches don’t turn them up, I guess because they’re in a table, they’re not files. What file contains the .htaccess code? I haven’t been able to find any .htaccess files.

    Thread Starter spaciouscritter

    (@spaciouscritter)

    Changed the plug-in folder name by adding a “2” at the end. That got dropped above. You can change it to whatever you like.

    Thread Starter spaciouscritter

    (@spaciouscritter)

    OK, this is a partial fix to the above problem. I went into my WordPress install via ftp and disabled Security by renaming the plug-in folder, which was “Better WP Security”, changed it to “Better WP Security”. Strangely, once I opened a new tab and entered the standard dashboard url using “wp-admin”, I was sent straight to my Dashboard without having to log-in. But I got in, saw that Security was no longer offered in my Dashboard and logged out to see what would happen.

    I called up the same url with “wp-admin” and it re-routed me to my log-in page which is still at “wp-login”. I tried logging in and got re-routed to the same problem page telling me “You do not have sufficient permissions to access this page.”
    Hmmm…

    I noticed the url had additional stuff following a forward slash which apparently leads to this problem page. So I stripped the extraneous stuff from the url and went straight back into my Dashboard. Now, every time I go to log-in, the login form page takes me straight to my Dashboard. No more problem.

    Except, now, my site is probably being brute forced all over the place and I have no way of knowing. I still don’t even know why this brutish stuff is going on, like why is ignorance not bliss if we don’t run security. I’m not saying we should, I know, Boris and Natasha carry big bomb…but I have no idea how to get the plug-in running again without also totally locking myself out.

    What To Do?
    –or– (for those of us old enough to remember Bullwinkle cartoons)
    Boris and Natasha Plot to Eat Borscht Inside Your Laptop!

    Tried to disable “better-wp-security” via ftp access by renaming the plug-in folder to “better-wp-security2”.

    That worked to bring back my admin log-in form at “wp-login” where my laptop automatically fills in user and password info. But now wp-login reroutes back to my original admin log-in page–https://www.acmeworx.com/wp-admin/admin.php?page=toplevel_page_itsec_settings

    and that’s as far as it gets, returning the following on an otherwise blank screen:

    “You do not have sufficient permissions to access this page.”

    Still feel too nervous to want to try doing anything with a brand new download of ‘phpmyadmin’. Wish I’d known how to use it already.

    Now I’ve dug a little deeper, I realize that ‘phpmyadmin’ is not part of my host’s cPanel, it’s a download I need to figure out how to use. This seems like an extremely dangerous route to send novice WordPress users on. I’m not exactly a novice but I do remember how overwhelming navigating through so many different sites, creating oodles of ‘strong’ passwords, etc… was at the beginning. To send a beginner through wikipedia to try to figure out how to use ‘phpmyadmin’ in order to dink around with the database seems incredibly crazy.

    I think iThemes Security should come initially packaged with hefty documentation and big fat warnings about how easy it is to screw up while doing the ‘step by step’ from within the Security section of the admin panel. For those of us who weren’t fully aware of what a step like ‘change wp-admin to wp-login’ could do, it fully sucks to have not been duly warned of how badly things can go.

    And yes, I’m going to try to learn how to use ‘phpmyadmin’ and hope to hell I don’t really set the forces of hell upon my beleaguered site. Any kind of help towards this end would be very much appreciated.

    OK…I’m trying everything that’s been suggested above to no avail. I can’t get into my site after setting some seemingly innocuous settings a few days ago which happened right before I had to hit the road. I had no problem logging in, religiously whitelisted my IP and used Away Mode every time I was about to log out. Where I ran aground seems to be in changing locations. I meant to whitelist the new IP but was road-weary and too wiped out to do it the minute I got to my new digs. Now I’ve been locked out for days.

    Problem with i-Sync is it requires that my wp-login works, problem is, it’s having the same problem I’m having. Once I clicked ‘fix it’ to have wp-admin changed to wp-login, then changed locations, I repeatedly get a 404 error. When I tried going back to using wp-admin, I get a white screen, nothing. So I can’t install i-Sync, though it seems like it would be really nice.

    As for the manual approach, my host cPanel seems really basic, I couldn’t find ‘phpmyadmin’ and I don’t know enough about how to get to that log where I can release my current IP.

    Curse the damn Brute Force attackers that made me think I should do all this before I had time to really figure out how the hell to navigate to the support site. Should I be taking this up with the Support folks who host my site?

    This is so damn depressing, it seems like I’m caught in a spider web. I don’t even have a site worth Brute Forcing about, I’m still learning how to put mine together.

    https://www.acmeworx.com/wp-login

    Hey Jon–
    Admittedly, the ‘blacklist’ routine is a real pain, especially with the flimsy setup in the existing dashboard. Having to go to ‘log’ to get the ISP info from all the bad log-in attempts, then flip over to ‘settings’ to scroll down to the blacklist area is lame as all get-out. But someone has made a request to improve the blacklist interface. If you are willing to go to https://trello.com/c/EDSRmJvT/41-start-here-what-to-expect-how-to-request-features to sign up for yet another account which allows you to vote on suggestions needed to make Security better, you can vote on this issue, make your own suggestions and more.

    Here’s my workaround to reduce the pain of blacklisting–
    1) go into ‘logs’, write a list in my note book of only the first digits before the first ‘.’ on the left. Most of the time, I end up with a list of mostly 3-digit entries, occasionally it’s 1 or 2, depending on what country the creeps originate from. It’s pretty quick to create a list like this.
    2) go over to the ‘settings’ tab and scroll down to the ‘blacklist’ area. Only enter the column of numbers you’ve just recorded in your notebook.
    3) When you’re done entering add the following to the end of one of your listed ISP prefixes– .*.*.*
    This creates a “wildcard” appendage for any of your listings that carry it. That means that any computer with an ISP beginning with your listed prefixes will be banned. All you have to do is copy your entered ‘.*.*.*’ and rip through your list with your down arrow, pasting in your wildcard notation to every listed item you’ve entered in your blacklist.

    This whole damn thing is tedious and is wrecking my content development time but it’s so necessary to blacklist. And I am finding that it’s helping somewhat, along with setting my ‘Away Mode’ feature (in the ‘Settings’ tab) for as long an interval as possible–basically whenever I think I’ll be sleeping or definitely not working on my website. I note in my notebook the allowed log-in hours for my dashboard once I’ve set ‘Away Mode’. I’ll whitelist my current ISP when I’ve set my Away Mode whenever possible. I travel a lot so this isn’t always sensible but I whitelist my location whenever I can.

    I say all this is helping because my bad login attempt notices have reduced from upwards of 100 daily to just a handful. But there is still some bastard who’s getting in and effecting a ‘Memory’ file change. To what end, I don’t know. I wish this Security package would be thoroughly documented so we can understand what’s happening to our infiltrated sites. I’ve made this suggestion at the link I provided here. Go on over and vote for documentation if you agree.

    Good luck.

    Thread Starter spaciouscritter

    (@spaciouscritter)

    Got it–seems Security Pro emails backups to the address on file with the domain host. Think it would be nice if users could specify which email we want our backups sent to.

    Hey Trinibabz,
    That was a neat trick, good it worked for you!

    Unfortunately, I keep getting ‘File change notice’ with weird info I don’t follow. Like ;Memory =1.25. Huh? That amidst thousands of lockout notifications. Yes, that’s right, I have nearly 2,000 log pages almost entirely comprising bad log-in attempts since I installed this security setup.

    I have Brute Force protection enabled, I set my admin site to block all log-in attempts whenever I’m sleeping and I even enter the first three digits of ISP hosts making attempts in my ‘permanent ban host’ setting, i.e. host # 186.*.*.*–largely from China, Russia, Ukraine, Lithuania and Amsterdam and to a lesser degree from other places all over the world. Some of the host look-ups I’ve done point to uninhabited places in the middle of what could be Siberia. Very funny.

    Anyway, those wild-card stars make any host # starting with the first three # get blacklisted. It’s helped a little to do all that but I still feel uneasy with the undecipherable ‘file change notice’ that show up in my log daily.

    WTF? Does anyone know what goes with all of this? I’ve downloaded the free guide this Security development group created. Will report back again if I find any pearls of wisdom there-in.

    If this keeps happening, I might feel I have to resort to shutting down my admin after every time I finish working on it, leaving one tiny window of time that I would be able to get back in to change my shut down settings. Or whitelist my ISP before I quit, then do the lockout. That would be a pain.

    Yup…Helllllllllllooooooo…

    My email notifications are a major nuisance…79 site lockouts in one day? Attacking IP’s from Lithuania, Beijing, Amsterdam, Montreal, Paris and a couple from Virginia in the US. WTF? This has been going on for well over a month but yesterday was the worst.

    I do use Brute Force Protection and I do have a zero setting for bad logins but this is a real nuisance and it does seem that in most of the bad login attempts that it’s repeat offenders, primarily from the locales listed above for all 79 yesterday. My vote is for blocking host IP’s as well. Maybe, at least the perps would get tired of trying to hit on my site.

    In the meantime, is there anything that should stop us from changing our log-in user name to something less guessable? I notice the user name log-in attempts tend to run between my domain name and ‘admin’. Only thing is I think that user name is assigned by WordPress or maybe my domain host, I can’t remember, but I don’t think it’s changeable. And anyway, it would still cause all these email notifications to come through.

    Maybe the way to go is to allow us to elect to get a digested summary of all email notifications rather than having each bad attempt sent in an individual email.

    Another question, what if one of these hackers manages to get logged into someone’s site without their knowing? What kind of dastardly deeds do they get up to by logging into other people’s websites? Just curious. I’m pretty damn amazed by the breadth of this global assault on my little old site.

    Same problem, but my backup isn’t showing up anywhere, not in email, nor locally. It seems that it’s just not doing it.

    Wow! Thanks for the heads up. Seems the fix is worse than the sick…

    I’m zorching Wordfence immediately.

    spaciouscritter

    (@spaciouscritter)

    btw, I’m all ready for the Pagelines folks to give us that direct in for customizing the template’s homepage. I posted my own independent thread to ask about magazine customization on the homepage but still no reply.

    Thanks for all the links in this thread, all, I’ve learned a few more useful things about the WP structure. Now to hear from Pagelines!

    In the meantime, I’ll go do my clunky roundabout way of creating my own custom front end independent of Pagelines.

    spaciouscritter

    (@spaciouscritter)

    True, a new support thread could bring more of your questions together specifically and independent of Platform issues. Good idea.

    But here’s the simple solution for this question only:
    “I am new to this, the question is where do you go to upload this new file to the blog theme’s folder? How do you get to the blog theme’s folder?”

    Blog theme folders are what you install in the content directory folder that contains your wordpress files. If you have your blog installed as your home page, it will be installed in your root directory, probably within a folder called something like “content” and it will be where all your wordpress files appear. Within that directory, you’ll find “wp-content” which will contain varying other sub-directories including your plug-ins and themes. Depending on the theme you are using, its directory (folder) will either be within the themes directory or it will simply reside within “wp-content.”

    Depending on the ftp client server you’re using, it should all look pretty straightforward in your directory window.

    Hope that helps.

    spaciouscritter

    (@spaciouscritter)

    Hey niska,

    Thanks for the heads up on that tutorial. That totally gives me what I needed to know to customize the homepage.

    As far as modifying code on PageLine’s page.php, it would be the same deal. Copy page.php so you have your original in case you mess up your modification. Leave your copy as a copy and on your original page.php insert your code and it should run if the code you’ve borrowed is intact and solvent.

    I don’t have time today to check out the two links thoroughly but I will look into them to see what they’re describing. One quick guess is that Pagelines’ code on page.php is just a call to a file with the template code. You might have to look on that template file to see if the code you want to modify is stored there. When I check it out, I’ll post my findings.

    Jeez, where’s the template author? It’d be nice to see a Pagelines tutorial to depict the specifics for their framework.
