Support » Plugin: Sucuri Security - Auditing, Malware Scanner and Security Hardening » Bruteforce attack alerts don't take into consideration the limit

Bruteforce attack alerts don't take into consideration the limit

  • Resolved Commeuneimage

    (@commeuneimage)


    4 years, 8 months ago

    I’ve set the maximum of alerts per hours to 5 but receive limitless alerts when enduring (real) bruteforce attacks.

    Example: alert emails received at
    16:01
    16:03
    16:05
    16:07
    16:08
    16:09
    16:10
    16:11
    16:13
    16:15
    16:17
    16:18
    16:21

    Suggestion: This could be limited to two emails – first when the (possible) attack is detected and one recap email when it ends (with the full table log).

    https://wordpress.org/plugins/sucuri-scanner/

Viewing 3 replies - 1 through 3 (of 3 total)
  • yorman

    (@yorman)

    4 years, 8 months ago

    Thanks for the report, I will check this now.

    yorman

    (@yorman)

    3 years, 8 months ago

    After multiple tests we found that this issue was caused by a race-condition in the code that tracks the number of emails sent. When multiple requests are sent in a short period of time the code, to avoid locks, allows the emails to be sent when the trackers takes too much time to check if the limit was exceeded. The code was improved and will be released with the next version of the plugin.

    Commeuneimage

    (@commeuneimage)

    3 years, 8 months ago

    Oh! Nice to read!
    (Note that I’ve been patient 😉

    I’ll let you know if the issue still appears after next upgrade.

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Bruteforce attack alerts don't take into consideration the limit’ is closed to new replies.

Topic Tags

Views