blocked from logging into wordpress


colinho
Asked:
2013-05-20 10:41 pm EST

Hits: 997
i have not been able to log into my wordpress for about 2 weeks hosted on your server

www.tokiomarineasia.com/wp-admin

1. when i log in from my office (IP: 202.55.66.248 ), i get an error msg saying that my access has been blocked from too many log in attempts.
2. but when i login from home and my own 4g connection with my phone isp, i am able to get in.

is it possible that your server has blocked access from my office IP?

Colin

You must login before you can ask a follow up question.

You must login before you can submit an answer.

OTHER ANSWERS

0

jamesr
Staff
5,889 Points
2013-05-21 11:30 am EST
Hello colinho!

Sorry for the trouble with the connection to your WordPress admin from your office IP. Since the WordPress wp-login.php brute force attacks, we have increased our security for Word Press logins. It appears there is a compromised computer at the 202.55.66.248 location. This is causing the IP to get added to the System ModSec file. This will result in the following message when accessing the site.

"WordPress Login Temporarily Disabled"

Something from the 202.55.66.248 IP is attacking your website. You can check the domlogs for their IP to find the specific cause. You can find the IP in the access logs are located in your account home directory /home/user/access-logs. ModSec file keeps track of POST requests and blocks them if there too many within 3 minutes. The security can block IP-based and domain-based connections.

That IP has the most hits in the domlogs. We cleared the IP in the database. If you're still under attack, it may get blocked again. So if you see the disabled page, then something at your location's IP making too many requests to wp-login.php and/or wp-admin. You will need to fix the attacking computer to keep the IP from being added again.

Best Regards,
James R



You must login before you can post a comment about this answer.

Hi James, this is the reply i got from the IT department from our clients:
===========================================================
The IP listed belongs to us and we use it for proxy access only. It will be good if Inmotion can provide the logs to show that the intrusion is coming from our IP.

The other possibility is that since we are using proxy, the access is from a single IP source but from different people within our network. For example, if Mei Yan and Katie access the site, Inmotion will see 2 request/connection from a single external IP. Please seek their advice on how Corporate users can access their site with such setup.
colinho
14 Points
2013-06-04 12:12 am EST
Can someone please help. I have yet to receive a reply.
colinho
14 Points
2013-06-07 2:00 am EST
Hello Colinho,

The log file that James advised you about actually includes the IP addresses that are hitting your site. This is found within the cPanel - check out the info for access logs here. If you are having problems with mod security, then you can turn it off, but make sure to include the IP address into your .htaccess rule. I would first add the IP address and see if it doesn't alleviate your problem. If it's already in the rule, then you should try turning off the mod security in the cPanel. You can review the rule that needs to be implemented in your .htaccess here: Brute Force Attack on Wordpress logins.

If you continue to have problems AFTER you have added to the IP to your rules, then please let us know and we can review it once again.

Regards,

Arnel C.
Arn
18,399 Points
Staff
2013-06-07 12:26 pm EST
Hi I am still having problems accessing wp admin from within my organisation.
these are the proxy addresses:
203.117.90.112
58.185.170.212
202.55.66.248
Could you please block these IP. I have already included these IP in my htaccess rule.
Please reply ASAP. This is really urgent. Thanks.
colinho
14 Points
2013-08-22 6:10 am EST
Hello colinho,

Sorry for us not responding to your comment right away. Unfortunately we can't change server settings for you over this public site. However you can submit a verified support requests directly to support@inmotionhosting.com, confirming your account with the last 4 digits of the credit card on file, or the current AMP password.

Additionally it looks like you've already added these IP addresses to your .htaccess file? If so I don't believe you'd want us to block those IPs as requested, since the whole point of adding them to your .htaccess file is to allow them access to the WordPress admin section.

Please let us know if you're still having issues accessing your WordPress admin section.

- Jacob
JacobIMH
9,968 Points
Staff
2013-08-23 4:14 am EST
Like this Question?

Related Articles

It looks like there are no related articles.
Would you like to ask a question about this page? If so, click the button below!
Ask a Question

Need more Help?

Search

Ask the Community!

Get help with your questions from our community of like-minded hosting users and InMotion Hosting Staff.

Current Customers

Chat: Click to Chat Now E-mail: support@InMotionHosting.com
Call: 888-321-HOST (4678) Ticket: Submit a Support Ticket

Not a Customer?

Get web hosting from a company that is here to help. Sign up today!