Giters

pojome / activity-log

Get aware of any activities that are taking place on your dashboard! Imagine it like a black-box for your WordPress site.

Home Page:http://wordpress.org/plugins/aryo-activity-log/

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

Logging Log-in Attemps of Banned Users

black-eye opened this issue · comments

commented

I have iThemes Security plugin installed and after several wrong attempts some IPs made it to a blacklist and are banned permanentely.

Strangely enough I’m still getting these IP’s attempts logged as “N/A user logged-out”.

This is the portion of the code, iThemes Security added to .htaccess:

<IfModule mod_authz_core.c>
	<RequireAll>
		Require all granted
		Require not env DenyAccess
		Require not ip 91.210.145.165
	</RequireAll>
</IfModule>
<IfModule !mod_authz_core.c>
	Order allow,deny
	Allow from all
	Deny from env=DenyAccess
	Deny from 91.210.145.165
</IfModule>

91.210.145.165 is the IP that is keeping to be logged by your plugin.

This issue is not the same as #125 - in that case it's logging attempts which weren't blocked (before the evaluating the password as wrong) and this is a correct behaviour. In my case it is logging attemts which shouldn't happended at all.

Or does it mean, that the iThemes actually isn't blocking those IPs? BTW there are no attemps for 91.210.145.165 in iTheme's own log after the user was banned.

commented

Maybe will fix by this: e056ff1