Prevent brute force wp-login

adamda

I am new to the DirectAdmin panel. My problem is that my server is under a wp-login brute-force attack, which makes the server load high (20).
I have installed ModSecurity Comodo and enabled BFM, but it doesn't work.

How do I block the wp-login brute force?
 
My server is for web hosting; it's impossible to log in and install a plugin on all the websites.
 
What I don't get with the CSF/BFM combo is that a legitimate user has only exactly say 3 tries to log in before he's blocked, while just about every botnet IP can still hammer away at a WP site multiple times a second, for a number of minutes.
 
Another option that may also be of very good use is the CSF regexp option. Add this to your regex.custom.pm file:
Code:
# wordpress
if (($globlogs{CUSTOM4_LOG}{$lgfile}) and ($line =~ /(\S+).*] "POST \/wp-login\.php.*" 200/)) {
    return ("Failed Wordpress login from",$1,"wordpress","20","80,443","3600");
}
Adjust your CUSTOM4_LOG as needed and in CSF let it point to your domain access logs, or just point to all for example:
Code:
CUSTOM4_LOG = "/var/log/httpd/domains/*"
The 20 can be adjusted to the number of attempts you would like and the 3600 to the number of seconds you want to block IPs.
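
The matching logic of the rule above, as an added example (not part of the original post and not CSF's own code): a Python port of the regex run over constructed access-log lines, with a simplified per-IP count standing in for lfd's trigger handling. The function names, the log format and the sample IPs are assumptions.

```python
import re
from collections import Counter

# Python port of the Perl pattern in the post. WordPress answers a failed
# login with 200 (the form is shown again) and a successful one with a 302
# redirect, so matching on 200 selects the failures.
WP_LOGIN_FAIL = re.compile(r'(\S+).*] "POST /wp-login\.php.*" 200')

THRESHOLD = 20        # 4th field of the rule's return list
BLOCK_SECONDS = 3600  # 6th field: how long the IP stays blocked


def failed_login_ip(line):
    """Return the client IP if the line is a failed wp-login POST, else None."""
    m = WP_LOGIN_FAIL.search(line)
    return m.group(1) if m else None


def ips_to_block(lines, threshold=THRESHOLD):
    """Simplified stand-in for lfd: count matches per IP, keep those at or over threshold."""
    counts = Counter(ip for ip in map(failed_login_ip, lines) if ip)
    return {ip: n for ip, n in counts.items() if n >= threshold}


def sample_log():
    """Constructed access-log lines (documentation IP ranges), not real traffic."""
    fmt = '{ip} - - [25/Mar/2021:20:40:{s:02d} +0000] "{req} HTTP/1.1" {code} 4523 "-" "Mozilla/5.0"'
    lines = [fmt.format(ip="203.0.113.7", s=i, req="POST /wp-login.php", code=200)
             for i in range(25)]                      # bot: 25 failed logins
    lines += [fmt.format(ip="198.51.100.20", s=30 + i, req="POST /wp-login.php", code=200)
              for i in range(2)]                      # user: 2 typos ...
    lines.append(fmt.format(ip="198.51.100.20", s=33, req="POST /wp-login.php", code=302))  # ... then success
    lines.append(fmt.format(ip="192.0.2.5", s=40, req="GET /wp-login.php", code=200))       # page view only
    return lines


if __name__ == "__main__":
    for ip, n in ips_to_block(sample_log()).items():
        print(f"{ip}: {n} failed logins, would be blocked for {BLOCK_SECONDS}s")
```

Running candidate access-log lines through `failed_login_ip` before enabling the rule shows whether the first field of your log format really is the client IP, which is what `$1` hands to CSF.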
 
See https://github.com/poralix/reCaptcha2_validation-free

- With this you will have a Google's reCaptcha 2 installed server-wide.
- No need to install reCaptcha individually per user or per site.
- The addon will remember user's IP for 7 days (default, can be changed).
- English/Dutch/Russian languages shipped by default.
- IP detection works for sites behind CloudFlare proxy.
 


Can you please say what the lines below mean?
How do I check whether the hostname has IPv6?

=============
IMPORTANT: Since users are redirected to http://hostname/ you should make sure that your hostname has a valid IPv6 record in order for validation for IPv6 to work properly!
=============

Also can you please provide removal script for it?
 
Another option that may also be of very good use is the CSF regexp option. Add this to your regex.custom.pm file:
This custom.pm serves me for lots of purposes and in this case it also works, but what about the built-in feature? Is there a bug or something?
 
Can you please say what the lines below mean?
How do I check whether the hostname has IPv6?

Well, due to restrictions from Google, reCaptcha can be shown only on a domain which is listed in a key from Google. On shared hosting it might be an issue to keep the list of domains updated. To bypass the limit, the reCaptcha is shown on a hostname, which should have both IPv4 and IPv6 if you have both types of IPs on board; otherwise your users cannot be validated.

Also can you please provide removal script for it?

Kindly feel free to open an issue at GitHub to make it easier to track new feature requests.

I really appreciate what you are doing, that's awesome, but I'm just trying to avoid using any Google services whenever it is possible.

That's OK. Just use the idea then and add another method of validation, for example using cookies. If a cookie is set, then redirect back to a login page. Something like that.

Might help https://stackoverflow.com/questions/6021552/check-cookie-and-redirect-with-apache
 
Hello,

Great work, really. Does it work with OpenLiteSpeed?
 
Let me know if you find issues with it.


● httpd.service - The Apache HTTP Server
Loaded: loaded (/etc/systemd/system/httpd.service; enabled; vendor preset: disabled)
Active: failed (Result: exit-code) since Thu 2021-03-25 20:40:12 IST; 27s ago
Process: 4154859 ExecStop=/bin/kill -WINCH ${MAINPID} (code=exited, status=0/SUCCESS)
Process: 4136469 ExecReload=/usr/sbin/httpd $OPTIONS -k graceful (code=exited, status=0/SUCCESS)
Process: 4157934 ExecStart=/usr/sbin/httpd $OPTIONS -DFOREGROUND (code=exited, status=1/FAILURE)
Main PID: 4157934 (code=exited, status=1/FAILURE)

Mar 25 20:40:12 server.example.com systemd[1]: Starting The Apache HTTP Server...
Mar 25 20:40:12 server.example.com httpd[4157934]: httpd: Syntax error on line 156 of /etc/httpd/conf/httpd.conf: Syntax error on line 11 of /etc/httpd/conf/extra/httpd-includes.conf: Include takes one argument, Na...t least one file
Mar 25 20:40:12 server.example.com systemd[1]: httpd.service: main process exited, code=exited, status=1/FAILURE
Mar 25 20:40:12 server.example.com systemd[1]: Failed to start The Apache HTTP Server.
Mar 25 20:40:12 server.example.com systemd[1]: Unit httpd.service entered failed state.
Mar 25 20:40:12 server.example.com systemd[1]: httpd.service failed.
Hint: Some lines were ellipsized, use -l to show in full.
[root@server install]#


NOT WORKING AND AFTER INSTALLING, APACHE NOT STARTING
 