Tagged: Login Monitor, Login Monitoring, Login Security
- This topic has 46 replies, 11 voices, and was last updated 8 years, 3 months ago by SM.
Todd (Participant):
I can accomplish the same result using wp_login_failed so I’m going to play with this a bit and see if I can get it working with BPS Pro. We want to try out your login security measure while using our own as well. Anything to make it safer and better is always good IMO.
AITpro Admin (Keymaster):
Cool! If you figure out something awesome then post your code back here so that other folks can get in on the action. 😉
AITpro Admin (Keymaster):
And if it kicks @SS then we will add it as a new option in BPS Pro. The additional Brute Force Login protection code posted in the Forum will be added at some point too. We are currently finishing up DSO Automation code in BPS Pro 7.0. So once that is out the door then we will be adding the additional Brute Force Login options as a standard in BPS.
Todd (Participant):
Ok so we’ve made some progress. I’m not exactly sure how BPS handles or gathers the failed login attempts but I was able to leave the code in functions.php as initially shown above in post 9036.
I created a custom rule in rsyslog.conf to log all attempts to a file in /var/logs/ and exclude those attempts from the auth.log. In functions.php I then constructed a custom syslog facility, added an action for wp_login_failed, opened the syslog on those failures and wrote a log notice. This successfully records all failed login attempts, the website that it’s coming from, the username and the IP. This information located in the log can now be parsed by fail2ban. I know this still bypasses the BPS feature but I’m wondering what you are using to gather those failed login attempts.
AITpro Admin (Keymaster):
BPS uses the standard/approved/accepted WordPress method of hooking into the WordPress authenticate function. All Login Security plugins should be using this standard/approved/accepted Authentication processing method.
add_filter('authenticate', 'xxxxxx', 20, 3);
To see the full BPS Authentication method and code that handles Login Security/Authentication you will find that code in these files:
/bulletproof-security/includes/login-security.php handles actual Authentication processing (good/failed logins) & does the Database Row Insert Table Row functions.
/bulletproof-security/admin/login/login.php handles the display of the Login Security Database Rows & the Dynamic Database Form Table & Form options, etc. The BPS Login Security Database Table is independent of the wp_users Database Table.
If you wanted to get the BPS Stored Database content this would be done by using a MySQL Query. See the code in /bulletproof-security/admin/login/login.php for an example of that MySQL Query.
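The two mechanisms discussed in this thread, Todd's wp_login_failed hook writing to a custom syslog facility for fail2ban, and the 'authenticate' filter at priority 20 with 3 arguments that BPS hooks, side by side in one small plugin file. This is an added example written for this page; it is neither BPS Pro code nor the code from Todd's post. The facility (LOG_LOCAL5), the ident "wp-login", the wpls_ function names and the log line format are assumptions made here; the fail2ban filter shown in the comment is written to match that format.

```php
<?php
/*
 * Plugin Name: WP Login Syslog (added example, not BPS Pro code)
 *
 * Logs every failed WordPress login, existing account or not, to a dedicated
 * syslog facility in a fixed format that a fail2ban filter can parse, and
 * observes the same 'authenticate' filter BPS hooks, as a read-only callback.
 */

// Assumed facility: route it in rsyslog to its own file (see usage note below).
if ( ! defined( 'WPLS_SYSLOG_FACILITY' ) ) {
	define( 'WPLS_SYSLOG_FACILITY', LOG_LOCAL5 );
}

/**
 * Client IP as seen by the web server. REMOTE_ADDR is the only value the
 * client cannot forge; only map X-Forwarded-For here if a proxy you control
 * sets it, otherwise an attacker can get an arbitrary address banned.
 */
function wpls_client_ip() {
	$ip = isset( $_SERVER['REMOTE_ADDR'] ) ? $_SERVER['REMOTE_ADDR'] : '0.0.0.0';
	return filter_var( $ip, FILTER_VALIDATE_IP ) ? $ip : '0.0.0.0';
}

/**
 * The single line fail2ban will parse. The username is restricted to a safe
 * character set and length so a crafted login name cannot smuggle a fake
 * "ip=" field or a newline into the log (log injection).
 */
function wpls_format_failed_login( $site, $username, $ip ) {
	$username = preg_replace( '/[^\w.@-]/', '_', (string) $username );
	$username = substr( $username, 0, 60 );
	return sprintf( 'wp-login-failed site=%s user=%s ip=%s', $site, $username, $ip );
}

/**
 * wp_login_failed fires from wp_authenticate() for every failed attempt,
 * whether or not the account exists (only empty username/password are skipped).
 */
function wpls_on_login_failed( $username ) {
	$site = parse_url( home_url(), PHP_URL_HOST );
	openlog( 'wp-login', LOG_PID, WPLS_SYSLOG_FACILITY );
	syslog( LOG_NOTICE, wpls_format_failed_login( $site, $username, wpls_client_ip() ) );
	closelog();
}
add_action( 'wp_login_failed', 'wpls_on_login_failed' );

/**
 * The hook BPS uses. Core registers wp_authenticate_username_password on
 * 'authenticate' at priority 20 before plugins load, so a plugin callback at
 * the same priority runs after it: $user is already a WP_User on success or
 * a WP_Error on failure. Returning $user unchanged keeps this an observer.
 */
function wpls_observe_authenticate( $user, $username, $password ) {
	if ( is_wp_error( $user ) && '' !== $username ) {
		// This is the distinction the thread draws: BPS records failures for
		// accounts that exist in the DB, fail2ban sees every failure.
		$exists = (bool) get_user_by( 'login', $username );
		error_log( sprintf( 'authenticate failed user=%s exists=%d code=%s',
			$username, $exists ? 1 : 0, $user->get_error_code() ) );
	}
	return $user;
}
add_filter( 'authenticate', 'wpls_observe_authenticate', 20, 3 );

/**
 * fail2ban filter matching the line format above (filter.d/wordpress-login.conf):
 *
 *   [Definition]
 *   failregex = ^.*wp-login-failed site=\S+ user=\S+ ip=<HOST>$
 *
 * This helper checks the same pattern, with <HOST> replaced by an approximate
 * IPv4/IPv6 stand-in, so the emitted format and the filter stay in step.
 * Example: wpls_failregex_matches( wpls_format_failed_login( 'example.com',
 * 'admin', '203.0.113.9' ) ) returns true (constructed sample values).
 */
function wpls_failregex_matches( $line ) {
	$host = '(?:[0-9]{1,3}(?:\.[0-9]{1,3}){3}|[0-9a-fA-F:]+)';
	return 1 === preg_match( '/wp-login-failed site=\S+ user=\S+ ip=' . $host . '$/', $line );
}
```

On the rsyslog side, a rule such as `local5.* /var/log/wp-login.log` followed by `& stop` writes these lines to their own file and keeps them out of auth.log, which is what the post describes. A jail in jail.local then points logpath at that file and uses the filter above; following the use case suggested later in this thread, maxretry can be set high there while BPS handles real accounts with a lower limit, and the stock recidive jail covers repeat offenders.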
AITpro Admin (Keymaster):
If you would like to add a link back to your site you can do it in this Forum Topic. We are currently not allowing any links, pingbacks, trackbacks on any other AITpro.com websites. We are trying to phase those sites out entirely except for processing as needed: DB processing, purchase, Download, etc.
Todd (Participant):
My apologies, that wasn’t intended. I forgot to un-check the pingback/trackbacks. I was trying to support BPS Pro via referral link =)
AITpro Admin (Keymaster):
Yep, so did we. Pingbacks/Trackbacks are now disabled on the affiliates site. Your Post/Article looks very good so add a link here if you want. We gave up begging for backlinks a long time ago since backlinks no longer have that much SEO weight these days anyway. The AITpro.com Alexa World Ranking is 31,569 with only around 200 backlinks.
Todd (Participant):
Well before I posted a link to it I wanted to make sure that everything would work with BPS and Fail2Ban harmoniously. I don’t want to have a link from your forum to ours if we are overriding or conflicting with your function. After thorough testing with BPS I can confirm that our integration of failed login attempts will work with BPS. We are using wp_login_failed which is an approved defined action of wp_authenticate. wp_authenticate is the very first check initiated and therefore the returned result of the login will always hit BPS first.
If anyone stumbles across this post the main difference between the BPS method and the solution that we provide is that we are using Fail2Ban and blocking the request at the firewall via iptables. The other major difference is that BPS only logs failed login attempts for actual user accounts that exist within the db. The Fail2Ban method logs all failed attempts. We will be looking into a method similar to BPS however at this time we don’t have that documented.
A good use case scenario (in my humble opinion) would be to set a high maxretry in Fail2Ban and let BPS handle the majority of the failed (real user) login attempts with a lower number. This would thwart attempts on valid user accounts quickly via BPS and block bots spamming thousands of random attempts via Fail2Ban. We also have a post for repeat offenders using fail2ban to permanently ban them. This would also be a good use case scenario.
WordPress Login Security with Fail2Ban: http://tscadfx.com/wordpress-login-security-fail2ban/
Much thanks to AITPro Admin for allowing us to share.
AITpro Admin (Keymaster):
Sounds good.
EDIT|UPDATE: JTC Anti-Spam|Anti-Hacker was created in BPS Pro, which is 100% effective at stopping 100% of all automated hacking and spamming attacks.
There is another factor to consider as well regarding what BPS is currently doing/what options are available now and what options will be available in a future version of BPS. The additional Brute Force Login protection code, additional BuddyPress options, etc. in the links below will be added as standard options in BPS. These additional security measures handle invalid logins by blocking hackers, spammers, scrapers, etc. before Login page authentication/processing occurs.
Deb (Participant):
I have no other login logging plugins on the site. I have set the Login Security to Log All Account Logins.
I used to have it set to Max DB Rows To Show: Blank = Show All – until there were too many rows. Now I just want the LAST 20 logins to show, but when I set Max DB Rows To Show: 20 (or any other number) it just shows a random mixed up choice of various database rows (older mixed up with newer) instead of the LAST rows that were created. If I set it again to Show All, they line up in timestamp ascending with oldest at top/newest at bottom (meaning after it finally loads, I must scroll down a ways). Great. Am I missing something, or is the system not set/able to display the LAST chronological entries?
Also, there are people posting and commenting that are not shown in the Login database ever. I see myself and most others in there regularly, and appropriately. I had reset wp-config.php sessions forcing everyone to log back in after getting BPSpro all set up and working.
Thank you again.
AITpro Admin (Keymaster):
Additional sorting options are scheduled to be added to BPS Pro Login Security. The time frame of when that will be completed is tentative based on task/project priority order, but is on the list of scheduled tasks already. Thanks.
As of BPS Pro 5.9 the Dynamic Database Form Table Rows are now sorted/ordered by the logged event. i.e. user A logs in at 10AM. user B logs in at 11AM. The logged order will be user A, user B.
Login Security Dynamic Database Form:
The Login Security Dynamic Database Form Table Rows are now sorted/ordered by ID Ascending. This means that as Login events/actions are logged they will be ordered in the exact order of the logged event/action.
Kouichi Sugawara (Participant):
Hi AITpro
On the Monitoring and Alerting Options Security Status: BPS Pro Version, RBM, WBM & Alerts, what is the meaning of RBM, WBM Alerts?
AITpro Admin (Keymaster):
RBM = Root BulletProof Mode. WBM = wp-admin BulletProof Mode. Hover over the Dashboard Status Display links for a description. Click the Read Me help button on the BPS Pro S-Monitor page for more information about the Dashboard Status Display.
Webblogsforyou (Participant):
I’m using BPS security plugin and also enabled the Login Security option. I’m unable to see attempts messages i.e. 3 login attempts remaining, 2 login attempts remaining, etc. However, I’m getting security alert emails and logs but only the login attempt functionality is not working. Is it normal or anything I missed during setup? I’m not using any other security plugin.
URL: http://www.webblogsforyou.com/wp-login.php