Component didn't block brute force ip

[HeadGofer]

I'm hoping you can help me. We have a non-profit called www.masshort.org which is on a virtual private server. It seems like we are getting repeated brute force attacks. I installed your plugin hoping to solve the issue, but this morning we had another one that took the server down. The ip was logged in the failed attempts (over 50 pages of attempts) but no block was put in place. Can you help us figure out what we're doing wrong?

[codeling]

Was it always the same IP? These days distributed attacks are getting more and more common.
Have you checked the times of those attempts, were they all today? Check the bfstop configuration, it has a limit on which time interval is considered.

Have you checked the log files (php, joomla, bfstop) for any anomalies / error messages (see https://github.com/codeling/bfstop/wiki/FAQ#how-do-i-turn-on-logging) ?

[HeadGofer]

Hello Bernnhard,

I've enabled the error tracking log. Regarding the ip, it was only one, but
I had the duration for only 5 minutes. Currently, I have it set to 10
attempts and and permanent block. Also I have a question of regarding the
Plugin tab versus the advanced tab. Both have functions for blocking. Does
one override the other?

Thanks.

Michael

On Fri, May 13, 2016 at 2:01 PM, Bernnhard Fröhler <notifications@github.com

wrote:

Was it always the same IP? These days distributed attacks are getting more
and more common.

Have you checked the log files (php, joomla, bfstop) for any anomalies /
error messages (see
https://github.com/codeling/bfstop/wiki/FAQ#how-do-i-turn-on-logging) ?

—
You are receiving this because you authored the thread.
Reply to this email directly or view it on GitHub
#129 (comment)

Michael Opton
michaelopton@gmail.com
W) 781-449-5256
C) 781-786-1744

[codeling]

Also I have a question of regarding the Plugin tab versus the advanced tab. Both have functions for blocking. Does one override the other?

Which overlaps do you see, what setting do you think overrides what other?
Those settings are all affecting how the blocks work, yes, but they don't influence the exact same behaviors.

The blocking duration of only 5 minutes could be an issue, yes. It has a dual use at the moment: It not only limits the block duration, but also the time that is checked for past failed logins from that same IP.

This is not mentioned at the moment in the settings hint (shown when hovering over the setting name), I will add something in a future version.

[HeadGofer]

Hello Bernnhard,

I adjusted the settings and it looks to be blocking ips now. Thanks for
your help.

On Sat, May 14, 2016 at 4:00 AM, Bernnhard Fröhler <notifications@github.com

wrote:

Also I have a question of regarding the Plugin tab versus the advanced
tab. Both have functions for blocking. Does one override the other?

Which overlaps do you see, what setting do you think overrides what other?
Those settings are all affecting how the blocks work, yes, but they don't
influence the exact same behaviors.

The blocking duration of only 5 minutes could be an issue, yes. It has a
dual use at the moment: It not only limits the block duration, but also the
time that is checked for past failed logins from that same IP.

This is not mentioned at the moment in the settings hint (shown when
hovering over the setting name), I will add something in a future version.

—
You are receiving this because you authored the thread.
Reply to this email directly or view it on GitHub
#129 (comment)

Michael Opton
michaelopton@gmail.com
W) 781-449-5256
C) 781-786-1744

[codeling]

Glad to hear it works.
Those settings for sure could use some overhaul to make them more intuitive.
The linkage between block duration & check duration is not ideal.

[codeling]

Closing this, as the aforementioned settings confusion will be addresses in a new issue (see above).