Want to subscribe to topics you're interested in?
Become a Member

Nginx Failed login attempt

Discussion in 'Nginx, PHP-FPM & MariaDB MySQL' started by abakisensoy, Sep 7, 2020.

  1. abakisensoy

    abakisensoy Member

    48
    3
    8
    Dec 2, 2016
    Ratings:
    +3
    Local Time:
    10:14 PM
    latest
    5.5
    Hi

    I use htpasswd with centmin option 22.

    My login pages are restricted but still getting failed login attempt.

    Any idea how is that possible?
     
  2. eva2000

    eva2000 Administrator Staff Member

    45,201
    10,280
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +15,934
    Local Time:
    10:14 PM
    Nginx 1.19.x
    MariaDB 5.5/10.x
    What web app/php script is this with ?

    You can check your login pages curl header checks for HTTP status code to verify HTTP password is working
    Code (Text):
    curl -Ik https://yourdomain.com/loginpage.php

    or
    Code (Text):
    curl -Ik https://yourdomain.com/loginpage

    see if 401 unauthorized or 403 permission denied status exists or 200 HTTP ok status
     
  3. abakisensoy

    abakisensoy Member

    48
    3
    8
    Dec 2, 2016
    Ratings:
    +3
    Local Time:
    10:14 PM
    latest
    5.5
    I see 401 unauthorized but still getting Sucuri Alert, Failed Login, mails. This start happening after moving to centminmod.
     
  4. eva2000

    eva2000 Administrator Staff Member

    45,201
    10,280
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +15,934
    Local Time:
    10:14 PM
    Nginx 1.19.x
    MariaDB 5.5/10.x
    what IP addresses are reported by Sucuri Alert ? got examples ?

    are you behind Cloudflare proxy ?
     
  5. abakisensoy

    abakisensoy Member

    48
    3
    8
    Dec 2, 2016
    Ratings:
    +3
    Local Time:
    10:14 PM
    latest
    5.5
    Yes, Behind cloudflare.

    IPs from microsoft and OVH very different locations too
     
  6. eva2000

    eva2000 Administrator Staff Member

    45,201
    10,280
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +15,934
    Local Time:
    10:14 PM
    Nginx 1.19.x
    MariaDB 5.5/10.x
    you can check your nginx site vhost access and error logs to see what user-agents are used could be command line attempts to log in
    Code (Text):
    domain=yourdomain.com
    grep 'ipaddress' /home/nginx/domains/$domain/log/access.log
    grep 'ipaddress' /home/nginx/domains/$domain/log/error.log
    
     
  7. eva2000

    eva2000 Administrator Staff Member

    45,201
    10,280
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +15,934
    Local Time:
    10:14 PM
    Nginx 1.19.x
    MariaDB 5.5/10.x
    Have you tried resetting wp-login.php HTTP password before ?

    You can also try to reset Wordpress wp-login.php HTTP password created by centmin.sh menu option 22 wordpress auto installer, you can use htpasswd.sh script
    Code (Text):
    vhostname=yourdomain.com
    /usr/local/nginx/conf/htpasswd.sh create /home/nginx/domains/$vhostname/htpasswd_wplogin USERNAME PASSWORD
    

    where, you change USERNAME to your desired username and PASSWORD to your password and change yourdomain.com to your wordpress site's domain name

    then restart nginx
    Code (Text):
    ngxrestart
     
  8. abakisensoy

    abakisensoy Member

    48
    3
    8
    Dec 2, 2016
    Ratings:
    +3
    Local Time:
    10:14 PM
    latest
    5.5
    -> grep 'ipaddress' /home/nginx/domains/$domain/log/access.log
    logs are filled with this :
    'ipaddress' "POST //xmlrpc.php HTTP/2.0" 200 500 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36"

    also I change my wp-login page to /login-from-here

    I updated my vhost config :

    When I visit login-from-here page I write user and pass from htpasswd but page return
    404 Not Found
     
    Last edited: Sep 10, 2020
  9. abakisensoy

    abakisensoy Member

    48
    3
    8
    Dec 2, 2016
    Ratings:
    +3
    Local Time:
    10:14 PM
    latest
    5.5
    @eva2000;

    What should I do? How can I change wp-login page ?
     
  10. eva2000

    eva2000 Administrator Staff Member

    45,201
    10,280
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +15,934
    Local Time:
    10:14 PM
    Nginx 1.19.x
    MariaDB 5.5/10.x
    don't bother changing wp-login.php you're already protected i.e. failed login attempts. As you're on Cloudflare, you can use Cloudflare Access to protect wp-login.php too. I do that on servermanager.guide
     
  11. abakisensoy

    abakisensoy Member

    48
    3
    8
    Dec 2, 2016
    Ratings:
    +3
    Local Time:
    10:14 PM
    latest
    5.5
    I know but i want to learn :)

    I follow your all guides. You are the king of hosting guides.