33 Responses to WordPress Distributed Botnet Attack Blocker

  1. Giacinto says:

    Thank you for your plugin, I want to try it on my site.
    My question is: is it possible to fix the whitelist IP by writing in just the two groups of the address followed by dot and asterisk?
    Ex: 11.22.*.* 33.44.*.* and so on
    You know, the IP will change anytime when you start the new connection.
    Best regards

    • cheesefather says:

      Good suggestion, thanks, I hadn’t considered dynamic IPs – I’ll add it to the next release. The plugin was only published this morning, so there will probably be a few feature requests coming. Watch this space! 🙂

  2. Giacinto says:

    Just for the moment, while waiting for your new release, I am keeping your good plugin inactive, because it will not always be operative for the locked administrator.
    Let me know if you need the translation into Italian, by giving me your .pot file.

    • cheesefather says:

      I’ve just updated the plugin with partial IP matching (so just type in 1.2 if you want to match 1.2.3.4 or 1.2.7.8 etc.) and also updated the plugin to be translatable. Thanks for the offer – I’ll email you the pot file 🙂

  3. Giacinto says:

    Ciao Misha
    I sent you the two files, .po and .mo, for the Italian translation.
    I activated your plugin. It’s working fine!
    Thank you

  4. Joe Haire says:

    I just installed your plugin. I can’t wait to see this in action. I have some large multisites. One of em got brute force attacked last night. I like how the default is on multisite to one login attempt. That’s slick. I have some friends in some big corporations and these hackers hit way more than WP sites.

    • cheesefather says:

      I haven’t tested it on a multisite installation! Please do let me know asap if there are any issues – thanks 🙂

  5. Pingback: Botnet Attack Blocker for WordPress Protects Sites Against Brute-Force Attacks | CISSP 2 CISSP

  6. Selvakumar Manickam says:

    This will cause false-positive blocking for those behind NAT and those on time sharing, e.g. ADSL.

    • cheesefather says:

      I think you may have missed the point of the plugin 🙂 It could only do that if you fail login multiple times and haven’t whitelisted your IP address range.

  7. Pingback: BotNet Blockers, Trip Sharing, Customer Testimonials, Automatic Dummy Images and Anti-Pinterest

  8. Pingback: Selección gourmet de plugins para Wordpress | Agencia de Publicidad y Marketing Online Barcelona | Nexo Creativo |

  9. John Dorner says:

    minor correction to be made in the file botnet-attack-blocker.php

    On line 79, the add_options_page function, “bab_show_page” needs to be quoted.
    http://codex.wordpress.org/Function_Reference/add_options_page

    Most PHP installations will assume it is quoted, but may throw an error.

    Thanks for the plugin!

  10. Marianne O'Neal says:

    Hi, thanks for sharing. I’m wondering if it’s OK to copy some of the text in my site?

  11. kelly says:

    Thank you for the great plugin !!

  12. Joel Miller says:

    Hi:
    It looks like the plugin also blocks access to a password protected page on my site during a lockout. One of my customers got this error message trying to access the page:

    Warning: strpos() [function.strpos]: Empty needle in /home/mille33/public_html/pressureperfect.us/wp-content/plugins/botnet-attack-blocker/botnet-attack-blocker.php on line 55

    Warning: Cannot modify header information – headers already sent by (output started at /home/mille33/public_html/pressureperfect.us/wp-content/plugins/botnet-attack-blocker/botnet-attack-blocker.php:55) in /home/mille33/public_html/pressureperfect.us/wp-login.php on line 396

    Warning: Cannot modify header information – headers already sent by (output started at /home/mille33/public_html/pressureperfect.us/wp-content/plugins/botnet-attack-blocker/botnet-attack-blocker.php:55) in /home/mille33/public_html/pressureperfect.us/wp-includes/pluggable.php on line 876

    I’ve disabled the plugin and my customers can access the protected page again. I have other plugins to prevent attacks but I like the simplicity of yours better but it might not work for me in this case.
    Best,
    Joel

  13. Eric TF Bat says:

    I get MySQL errors whenever this runs. Here’s a sample:

    [Fri Aug 16 22:56:32 2013] [error] [client 146.x.x.x] WordPress database error Incorrect table name ” for query INSERT INTO “ (`ip_address`,`timestamp`) VALUES (‘146.x.x.x’,1376657792) made by wp_signon, wp_authenticate, do_action(‘wp_login_failed’), call_user_func_array, bab_login_failed, referer: http://xxxx/wp-login.php
    [Fri Aug 16 23:04:44 2013] [error] [client 5.xx.xx.xx] WordPress database error You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ‘ORDER BY timestamp DESC’ at line 1 for query SELECT timestamp FROM ORDER BY timestamp DESC made by do_action(‘login_init’), call_user_func_array, bab_login_init
    [Fri Aug 16 23:04:45 2013] [error] [client 5.xx.xx.xx] WordPress database error You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ‘ORDER BY timestamp DESC’ at line 1 for query SELECT timestamp FROM ORDER BY timestamp DESC made by do_action(‘login_init’), call_user_func_array, bab_login_init, referer: http://xxxx/wp-login.php

    Might be because I’m running a multisite install. Is the plugin tested for multisite?

    • cheesefather says:

      Thanks for the feedback – I’m afraid it’s still buggy in multisite, this will be totally fixed by the new minor version (coming very soon!), but until then I don’t recommend using it in multisite – sorry about that 🙁

      • Eric TF Bat says:

        No worries, it happens. If you want me to be a guineapig for the next version, drop me a line. I have a local installation of my multisite system as well as a live one on my own system, so I can test stuff safely and send you logs directly.

  14. erik says:

    Hey!

    Thanks for the awesome plugin – once I get it set up I get the following on the wp-admin page:

    Warning: strpos() [function.strpos]: Empty needle in /home/sharpf7/public_html/wp-content/plugins/botnet-attack-blocker/botnet-attack-blocker.php on line 70

    The system seems to be working – and letting those of us with whitelisted IP addresses in – but I wasn’t sure what was causing the line 70 error.

    E
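
The partial IP matching described in the reply to comment 2 and the `strpos()` "Empty needle" warnings in comments 12 and 14 can be handled in one place. The following is an added example, not the plugin's own code: the function names are hypothetical, and it assumes the warning comes from an empty whitelist entry being used as the search string.

```php
<?php
// Added example, not taken from botnet-attack-blocker.php.
// Function names are hypothetical.

// Split the whitelist setting into clean entries. Blank lines and stray
// separators are dropped, so an empty string is never used as a needle.
function example_parse_whitelist(string $raw): array
{
    $clean = [];
    foreach (preg_split('/[\s,]+/', $raw, -1, PREG_SPLIT_NO_EMPTY) as $entry) {
        // Treat "1.2", "1.2." and "1.2.*.*" as the same partial address.
        $entry = rtrim($entry, '.*');
        if ($entry !== '' && preg_match('/^\d{1,3}(\.\d{1,3}){0,3}$/', $entry)) {
            $clean[] = $entry;
        }
    }
    return $clean;
}

// Match on whole octets only: "1.2" matches 1.2.3.4 and 1.2.7.8,
// but not 1.20.3.4 or 11.2.3.4, which a plain substring test would accept.
function example_ip_is_whitelisted(string $ip, array $whitelist): bool
{
    if (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) === false) {
        return false; // malformed or non-IPv4 input never matches
    }
    foreach ($whitelist as $entry) {
        $prefix = $entry . '.';
        if ($ip === $entry || strncmp($ip, $prefix, strlen($prefix)) === 0) {
            return true;
        }
    }
    return false;
}

// Constructed sample setting: note the blank line and the trailing comma.
$whitelist = example_parse_whitelist("1.2\n\n33.44.*.*, 203.0.113.7,");
$samples = ['1.2.3.4', '1.2.7.8', '1.20.3.4', '33.44.5.6',
            '203.0.113.7', '203.0.113.70'];
foreach ($samples as $ip) {
    $state = example_ip_is_whitelisted($ip, $whitelist) ? 'whitelisted' : 'not whitelisted';
    printf("%-13s %s\n", $ip, $state);
}
```

Short entries cover large ranges (a two-group entry is 65,536 addresses), so the whitelist should be kept as narrow as the dynamic IP range allows.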

  15. Dan Shilstone says:

    Love it. I’d just like to make a feature request: add an option in the admin interface to lift the lock-down.

  16. Rekks says:

    I’m finding that it’s not catching anything at all. I installed it, and it’s not aware of any of the dozens or more attempts to access /wp-login.php on my site. Is there a way they’ve figured out how to bypass your plugin?

  17. Pingback: How To Protect WordPress Sites From Hackers – New User Guide | Tims IM Blog

  18. riu says:

    Does it work well with multisite? I have observed in my test run that while logging into multisite it gives an error of not finding the botnet table for network sites.

  19. Thanks for this plug-in. We use it on our site after a lot of attacks on xmlrpc.php. All our redactie members are in the whitelist of this plug-in. In one day we got more than 80357 attacks. But this plug-in helps us to stop it.

  20. Josh says:

    Hi,

    I cannot deactivate the plugin. If I choose the button “Report and Deactivate” nothing happens. If I choose “No problem to report” I’m redirected to a 404 page. In both cases the plugin stays activated. The 404 address is “http://www.noordoogst.org/wp-admin/undefined”

    I use a premium theme “Central”

    Hope you can help me out.

  21. Josh says:

    Hi,

    I found out what caused the problem. It is not your plugin but it is the “Installer” plugin from OnTheGoSystems Inc.!

    Deactivating any of the other plugins was not working. I deactivated the “Installer” and the problem was solved.

    Best regards,
    J

  22. There are many good plugins for blocking these types of attackers.

  23. Informative, thanks for sharing.
