Prevent brute force wp-login

adamda

Verified User
Joined
Dec 30, 2019
Messages
6
I am new to the DirectAdmin panel and I have a problem: my server is under a wp-login brute force attack, which makes my server load high (20).
I have installed ModSecurity (Comodo rules) and enabled BFM, but it doesn't work.

How do I block wp-login brute force?

adamda

Verified User
Joined
Dec 30, 2019
Messages
6
My server is for web hosting; it's impossible to log in and install a plugin on all websites.

BBM

Verified User
Joined
Jun 8, 2013
Messages
342
Location
Dutch Mountains
What I don't get with the CSF/BFM combo is that a legitimate user has only exactly, say, 3 tries to log in before he's blocked, while just about every botnet IP can still hammer away at a WP site multiple times a second, for a number of minutes.

Richard G

Verified User
Joined
Jul 6, 2008
Messages
4,541
Location
Maastricht
Another option that can also be of very good use is the CSF regexp option. Add this to your regex.custom.pm file:
Code:
# wordpress
# Match a POST to wp-login.php that was answered with HTTP 200: WordPress re-renders
# the login form with 200 on a failed login and redirects (302) on a successful one,
# so only failed attempts match. $1 is the client IP at the start of the log line.
if (($globlogs{CUSTOM4_LOG}{$lgfile}) and ($line =~ /(\S+).*] "POST \/wp-login\.php.*" 200/)) {
    # CSF return fields: log text, IP to block, application name, number of matches
    # needed to trigger, port(s) to block, temporary block time in seconds
    return ("Failed Wordpress login from",$1,"wordpress","20","80,443","3600");
}
Adjust your CUSTOM4_LOG as needed and in CSF let it point to your domain access logs, or just point it to all of them, for example:
Code:
CUSTOM4_LOG = "/var/log/httpd/domains/*"
The 20 can be adjusted to the number of attempts you would like, and the 3600 to the number of seconds you want to block IPs for.
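As an added example (not Richard G's code and not part of CSF), the same match re-implemented in Python and run over constructed access-log lines, so the rule can be checked against a log sample before it is installed. The status code is what makes it a failed-login detector: WordPress re-renders the form with 200 on a failed login and redirects on success, so successful POSTs and plain GETs of the form are not counted.

```python
import re
from collections import defaultdict

# The same pattern as the regex.custom.pm rule, written in Python syntax.
# WordPress answers a failed login POST with 200 (it re-renders the form) and a
# successful one with a 302 redirect, so only failed attempts match.
WP_LOGIN_FAIL = re.compile(r'(\S+).*\] "POST /wp-login\.php.*" 200')

# Values taken from the rule: 20 matches trigger a block of ports 80,443 for 3600 s.
TRIGGER, PORTS, BLOCK_SECONDS = 20, "80,443", 3600

# Constructed sample access-log lines (combined format); not from a real server.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Jan/2020:10:00:01 +0100] "POST /wp-login.php HTTP/1.1" 200 4321 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Jan/2020:10:00:02 +0100] "POST /wp-login.php HTTP/1.1" 200 4321 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Jan/2020:10:00:03 +0100] "GET /wp-login.php HTTP/1.1" 200 4100 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Jan/2020:10:00:05 +0100] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Jan/2020:10:00:03 +0100] "POST /wp-login.php HTTP/1.1" 200 4321 "-" "Mozilla/5.0"
"""


def failed_logins_per_ip(log_text):
    """Count lines matching the rule, keyed by the captured client IP ($1 in CSF)."""
    counts = defaultdict(int)
    for line in log_text.splitlines():
        m = WP_LOGIN_FAIL.search(line)
        if m:
            counts[m.group(1)] += 1
    return dict(counts)


def blocks_to_apply(log_text, trigger=TRIGGER):
    """IPs that reached the trigger count, with the ports and duration the rule returns.

    CSF applies the trigger itself; this only mirrors its decision so the rule can be
    checked against a log sample (lower the trigger to exercise it on a small sample).
    """
    return [(ip, PORTS, BLOCK_SECONDS)
            for ip, n in sorted(failed_logins_per_ip(log_text).items())
            if n >= trigger]
```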

zEitEr

Super Moderator
Joined
Apr 11, 2005
Messages
14,255
Location
GMT +7.00
See https://github.com/poralix/reCaptcha2_validation-free

- With this you will have Google's reCaptcha 2 installed server-wide.
- No need to install reCaptcha individually per user or per site.
- The addon will remember user's IP for 7 days (default, can be changed).
- English/Dutch/Russian languages shipped by default.
- IP detection works for sites behind CloudFlare proxy.

sufiyanshaikh

Verified User
Joined
Aug 14, 2019
Messages
34
See https://github.com/poralix/reCaptcha2_validation-free

- With this you will have Google's reCaptcha 2 installed server-wide.
- No need to install reCaptcha individually per user or per site.
- The addon will remember user's IP for 7 days (default, can be changed).
- English/Dutch/Russian languages shipped by default.
- IP detection works for sites behind CloudFlare proxy.

Can you please say what the lines below mean?
How do I check if the hostname has IPv6?

=============
IMPORTANT Since users are redirected to http://hostname/ you should make sure that your hostname has a valid IPv6 record in order for validation over IPv6 to work properly!
=============

Also, can you please provide a removal script for it?

ericc

Verified User
Joined
Jan 2, 2018
Messages
28
Location
EU
Another option that can also be of very good use is the CSF regexp option. Add this to your regex.custom.pm file:
This custom.pm serves me for lots of purposes and in this case it also works, but what about the built-in feature? Is there a bug or something?

zEitEr

Super Moderator
Joined
Apr 11, 2005
Messages
14,255
Location
GMT +7.00
Can you please say what the lines below mean?
How do I check if the hostname has IPv6?
Well, due to restrictions from Google, reCaptcha can be shown only on a domain which is listed in a key from Google. On shared hosting it might be an issue to keep the list of domains updated. To bypass the limit, the reCaptcha is shown on the hostname, which should have both IPv4 and IPv6 if you have both types of IPs on board; otherwise your users cannot be validated.

Also, can you please provide a removal script for it?
Kindly feel free to open an issue at GitHub to make it easier to track new feature requests.

I really appreciate what you are doing, that's awesome, but I'm just trying to avoid using any Google services whenever it is possible.
That's OK. Just use the idea then and add another method of validation, for example using cookies. If a cookie is set, then redirect back to the login page. Something like that.

Might help https://stackoverflow.com/questions/6021552/check-cookie-and-redirect-with-apache