search

ASRG / asrg.io

asrg.io - website and docs
MIT License
8 stars 4 forks source link

Login Issues #394

Closed heldyboy closed 2 years ago

heldyboy commented 2 years ago

It seems that people are having login issues. I was afraid of this and should be considered high priority. Can you please take a look and see what is going on? [Hello] Problem with registration at ASRG website.pdf

KellyDSD commented 2 years ago

Hi I have disabled 2fA when testing earlier I found 2FA to be causing a login redirect and we have also found a confliction between this and Memberpress

I have left the spam registration plugin disabled also for the moment as I won't set this up until we have the user logins flowing as normal again.

CloudFlare may also be causing login issues (when on attack mode) so lets keep this disabled now

Wordfence is working as should for brute force attacks

I can see the following users were able to access the website as usual today:

moritz_krebbel evstykas allthatjaz

There were a fair few brute force attack attempts for 'admin' and a couple of regulars which should be disabled as a default I have now blocked this as they are trying to push the site down. I have a way to resolve and push down these numbers which I will add to the other card

The following logins were also rejected (all of these are fake accounts so will be blocked by IP so we can start to clear through before enabling the Spam registration scanner and OTP validation)

These users have had previous issues with logging in which is 2FA orientated :

allthatjaz | 172.70.142.182 | 5 hours 39 minutes ago (whitelisted)

grazynamav | 162.158.91.43 | November 10, 2021 19:08 mickeyjarnagin | 162.158.88.144 | November 10, 2021 18:57

These are failed spam listed logins from today which I have dealt with :

Polla | 162.158.88.70 | 1 hour 18 minutes ago melanieswayne | 108.162.241.128 | 2 hours 46 minutes ago raymond75y | 108.162.242.5 | 4 hours 58 minutes ago (brute force attack) admin | 162.158.114.132 | 6 hours 25 minutes ago

I will leave WordFence running and watch this on learning AI mode throughout this evening and tomorrow incase of any further issues, then in the case of no more issues there I will run the Spam registration extension and OTP / Registration set up

KellyDSD commented 2 years ago

I think this should now be ok and looks to have been 2fa so it is worth disabling xmlrpc as a priority (server level) and leaving this off for the moment so I can monitor the login logs for a week to check for any further issues