Block IP if username attacked

Home Forums BulletProof Security Pro Block IP if username attacked

Viewing 6 posts - 1 through 6 (of 6 total)
  • Author
    Posts
  • May 13, 2014 at 2:13 am #15142
    Krzysztof
    Participant

    Wordfence in its beta version has added a feature like this:

    Feature: Immediately block IP if hacker tries any of the following usernames. (Comma separated list that you can specify on the Wordfence options page)

    Maybe something similar could be added to BPS Pro?

    May 13, 2014 at 5:30 am #15146
    Krzysztof
    Participant

    And this looks nice too 😉

    Prevent discovery of usernames through ‘?/author=N’ scans. New option under login security which you can enable.

    I’m afraid that due to different protection methods implementing those two could be hard. Am I right?

    May 13, 2014 at 6:04 am #15147
    AITpro Admin
    Keymaster

    We have looked at and are still looking at auto-banning IP addresses and so far have not found a way to do this that does not seriously hurt / negatively impact website performance, but if we can figure out a way to do this without serious negative impact to website performance then we will add something like that.

    Currently BPS Pro Login Security is performance optimized by not processing things that do not need to be processed and only processing things that do need to be processed.  Processing things that are not important at the cost of website performance is not a smart thing to do.  If something is a nuisance and not a threat then treat it as a nuisance and not a threat.  Or in other words, do not treat nuisances as a threat at the cost of website performance.

    This BPS Bonus Custom Code:  Author Enumeration Bot Probe Protection already does the author id enumeration protection.

    http://forum.ait-pro.com/forums/topic/wordpress-author-enumeration-bot-probe-protection-author-id-user-id/

     

    May 13, 2014 at 6:11 am #15149
    AITpro Admin
    Keymaster

    Also we spent months trying out different forms of IP blocking and the result of months of research was JTC Anti-Spam / Anti-Hacker as it is very effective and performance optimized vs IP blocking which is very ineffective, time consuming and a website performance killer.

    http://forum.ait-pro.com/forums/topic/buddypress-spam-registration-buddypress-anti-spam-registration/

    May 13, 2014 at 6:28 am #15152
    AITpro Admin
    Keymaster

    I stand corrected.  A new auto-ban feature using a new concept that has been proven not to negatively impact website performance is scheduled to start development in BPS Pro 9.1.  BPS Pro 9.0 is the next version release of BPS Pro and 9.0 contains many new major security features and one that is a new concept that has never been done or created before.  BPS Pro 9.0 is in DEVLOCK, which means no more new features can be scheduled for inclusion in BPS Pro 9.0.

    May 13, 2014 at 11:00 am #15158
    Krzysztof
    Participant

    Thank you for explaining the situation. I’m waiting eagerly for the new features in BPS PRO 😉

  • Author
    Posts
Viewing 6 posts - 1 through 6 (of 6 total)
  • You must be logged in to reply to this topic.