bot attacks

    #4094
    clawduda
    Participant

    Hello,

    I am using your plugin, but in addition I started using Wordfence as well.

    In a previous thread I found out that there shouldn't be any compatibility problem, so … let's hope that for the future.

    Now, I am curious about one thing. After installing Wordfence and starting to use the login lockout function that it offers, I found out that I am constantly getting login attempts, about 30-40 a day. As my site does not use registration, these are obvious hack attempts from bots.

    But before using Wordfence I was under the impression that BPS would stop such bots from being able to try brute force logins. So is this normal?

    EDIT: Hmmm, I think I jumped to conclusions here without reading properly. So BPS does not block login brute force attempts, right?

    From a professional point of view, like you guys obviously are … are these login attempts “normal”? Or are they way more than any other website would get? I am only afraid that BulletProof was not configured correctly and that is why I get these. I am not computer literate, so that is why I am afraid. Thank you

    Thank you in advance

    #4102
    AITpro Admin
    Keymaster

    Both BPS .48.3 and BPS Pro 5.8 will have Login Protection added.

    In general the best method to handle automated bot login probes/recons/attacks is to use the standard Action Approach of – After X number of failed login attempts lock the user account.

    In general BPS and BPS Pro take an Action Approach to security – hacker X does bad action Y and the result is Z = Forbidden.  BPS Login Protection will be using that same Action Approach to Brute Force Login attempts in the next version releases.

    For additional information about why it is a waste of time trying to block automated bot attacks see the link below.

    http://forum.ait-pro.com/forums/topic/login-attempts-login-301-and-302-errors-logged/
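
The contrast between locking the account after X failed attempts and blocking individual addresses, as an added example that is not part of the original posts and is not BPS code. The thresholds, the `FailureLimiter` and `replay` names and the sample events are assumptions constructed for illustration, with the failed logins spread over many source addresses.

```python
from collections import defaultdict, deque

MAX_FAILURES = 5       # the "X" in the post; 5 is an assumed value
WINDOW_SECONDS = 900   # assumed window in which failures are counted
LOCK_SECONDS = 1800    # assumed lock duration once the limit is hit


class FailureLimiter:
    """Locks a key after MAX_FAILURES failures inside WINDOW_SECONDS."""

    def __init__(self):
        self.failures = defaultdict(deque)  # key -> timestamps of recent failures
        self.locked_until = {}              # key -> time at which the lock expires

    def is_locked(self, key, now):
        return self.locked_until.get(key, 0) > now

    def record_failure(self, key, now):
        recent = self.failures[key]
        recent.append(now)
        while recent and recent[0] <= now - WINDOW_SECONDS:
            recent.popleft()                # forget failures outside the window
        if len(recent) >= MAX_FAILURES:
            self.locked_until[key] = now + LOCK_SECONDS
            recent.clear()


def replay(events, key_field):
    """Replay failed logins; return how many reached the password check."""
    limiter = FailureLimiter()
    checked = 0
    for ev in events:
        key = ev[key_field]
        if limiter.is_locked(key, ev["t"]):
            continue                        # refused before the password is evaluated
        checked += 1
        limiter.record_failure(key, ev["t"])
    return checked


# Constructed sample: 40 failed logins for one account, one every 20 seconds,
# spread over 20 addresses in the 203.0.113.0/24 documentation range.
EVENTS = [{"t": i * 20, "user": "admin", "ip": f"203.0.113.{i % 20 + 1}"}
          for i in range(40)]

if __name__ == "__main__":
    print("password checks, limiter keyed by IP:     ", replay(EVENTS, "ip"))
    print("password checks, limiter keyed by account:", replay(EVENTS, "user"))
```

Keyed by account, the lock also applies to the legitimate owner until it expires, so the lock duration is a trade-off between guessing rate and availability.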

    #4105
    clawduda
    Participant

    Hi,

    First of all, I am really amazed at your support. Seeing how well you support the FREE version of the plugin, it is just “different” than other plugins out there. Congratulations on this. Now, on topic: Thank you for your answer. The reason why I keep asking about compatibility of your plugin with other ones is because I want to keep using it and I want to “build” the rest of my site’s security around it. It is good news that you will implement login protection in the next update. Also, I now see your point after reading the link you gave me that locking is a waste of time. I keep getting notifications after notifications that an IP was blocked because he was trying to login a number of times. Seeing how many they are and how long is the automated blocking list .. I am sure that the bots follow the rules you said in that link. So, I can only say that I am looking forward to your new update. I think I will definitely upgrade to the pro version soon. Thank you for your support so far and congratulations for how you handle your plugin’s users … even the ones that use the free version.

    PS: Could you recommend other plugins that work best TOGETHER with your plugin in terms of security? Something that will add more security together with your plugin. Example: I am thinking of using this plugin: http://wordpress.org/extend/plugins/google-authenticator/ The idea sounds excellent. Do you know if it will conflict with your plugin in any way? I don’t want to use something that is not compatible with BPS because as I said I want to use it. So, do you know if this google authenticator plugin is a good idea and if it is compatible with your plugin?

    Thank you !

    #4111
    AITpro Admin
    Keymaster

    We have experimented with many different forms/methods of blocking/hiding/etc. – all have proven to be a waste of time.  😉

    I stay away from recommending other plugins so what I recommend that you do is check the wordpress.org plugin forum area first for the plugin you want to install on your site to get a sense of things like does the plugin have a lot of problems, is the plugin author responsive, are solutions given in a timely manner, etc.  To me there is nothing worse than a poorly supported plugin or any other software product for that matter.  Obviously we take support very seriously because it is the most important aspect of any software product next to what the product is designed to do.

    The approach we take is this:  If there is an issue/conflict/problem then we provide a solution in a timely manner.  Providing solutions is very simple since there are many different methods to whitelist whatever needs to be whitelisted for other plugins or themes.  Since this is such a simple thing to provide we do this as necessary.  In other words, if you find a conflict/issue/problem then post it in the Forum and we provide the solution ASAP.

    #4185
    clawduda
    Participant

    In the end I decided to drop Wordfence as the resources were overloading because of the tons of automated bot attacks.

    So, until your plugin will offer login protection I am trying to use another thing of protection.

    I was reading some articles that say it helps to protect your wp-admin folder with a password from cPanel. That sounds good, but since it uses .htaccess (this is what it said in that article) I am thinking that it might break the BulletProof .htaccess created by your plugin? Could you be as kind as to help me with this? What code do I need to enter in the BulletProof plugin so that it will include the checking for the password I will create in cPanel?

    Thank you

    PS: You seem very smart so your input on this is greatly appreciated .

    #4197
    AITpro Admin
    Keymaster

    There is currently an ongoing Worldwide attack going on:  http://forum.ait-pro.com/forums/topic/global-brute-force-attack-on-wordpress-sites/

    My log files are logging 100 times their normal amount of hacking attempts.

    Adding a second authentication to your wp-admin folder does not really make it any more secure.  What makes your wp-admin folder secure is creating a very secure password.  Example secure password:  b#@p6E7*J1gh429*@K2

    #4199
    clawduda
    Participant

    Thanks for the tip.

    My password is actually about twice as long and using the same “concept” 🙂
