Scan for WordPress attacks blocks after two requests - skip list not working

M

MarcelH

New member
Joined
Sep 20, 2022
Messages
4
Greetings,

I have been using the feature "scan for WordPress attacks" to block brute force attacks on WP login pages.

As I understood an ip gets blocked after the same amount of login attempts as the number of attempts for "blacklist IPs for excessive DA login attempts".

However, I have noticed that ip's get blocked even after two POSTS to the wp-login.php file. In addition the skip list at the Brute Force Monitor page does not seem to work: even an ip added to the skip list gets blocked after two WP logins.

I was wondering: is this feature not working as it should? Is it possible to increase the amount of attempts before an ip gets blocked? I could not find any setting for this in the documentation.

Thanks in advance,

Marcel
 
MisterM said:
Is modsecurity for apache or nginx installed?
Click to expand...
Hi Mz,

Thanks for your reply. Modsecurity is not installed on this server. Is it a requirement for the skiplist to work? I will install it and try.

Is there is a way to increase the amount of attempts before an ip gets blocked, I'm curious to know.

Marcel
 
Hello

Yes, it is necessary to install it, because it controls the totality of the security on the server, and especially do not be mistaken of Rule.

Comodo : Nginx

Owasp : Apache

Is there is a way to increase the amount of attempts before an ip gets blocked, I'm curious to know.
Click to expand...

the answer is YES

Mz
 
Thank you for the information. I will intall modsecurity and let you know the findings.

Marcel
 
Hi

on my side I have no worries about spam via my websites, created in WP.

Read the DA docs on modsecu.

Mz
 
check your /var/log/httpd/access_log and you will see it may not only 2 post counted.

Also check your wordpress... do you install some plugin to force block you?
 
Last edited:
Thanks for the additional answers! After some searching it turned out that fail2ban was blocking the WordPress login attempt. I was not aware our system administrator enabled this features on this server. Fail2ban was set for 2 attempts.

I'm sure sure weather fail2ban kicked in before the "scan for WordPress attacks", but since it requires modsecurity, it probably was inactive. On occasson I will install and test modsecurity on a fresh server, without fail2ban.

Marcel
 
You must log in or register to reply here.
Back
Top