LiteSpeed - Built-in WordPress brute force protection (new feature)

vovler Member
edited December 2017 in General

A new feature has been introduced in LiteSpeed: WordPress brute-force protection.
It works on wp-login and xmlrpc and drops the connection for X time after X failed login attempts.

Release log: https://www.litespeedtech.com/products/litespeed-web-server/release-log
Wiki: https://www.litespeedtech.com/support/wiki/doku.php/litespeed_wiki:config:wordpress-protection

If anyone has any means of testing this, how would this perform against a ModSecurity rule? Would it use more or fewer resources?

Also @Francisco could you test this against your in-house WordPress protection performance-wise?

"They said it's RAID 5" - geekypixal
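
As an added illustration (not LiteSpeed's code and not part of the original post), the per-IP "X attempts within X time" threshold described above can be sketched over an access log, together with a count of attempts from sources that never reach the limit, which is the many-IPs case a reply below raises. The log lines are constructed, the threshold and window are assumed values, and every POST to wp-login.php or xmlrpc.php is counted as an attempt because an access log does not record whether a login failed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

LOGIN_PATHS = ("/wp-login.php", "/xmlrpc.php")
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)')

def _line(ip, sec, method="POST", path="/wp-login.php"):
    """Build one constructed access-log line (combined log format)."""
    return (f'{ip} - - [12/Dec/2017:10:00:{sec:02d} +0000] '
            f'"{method} {path} HTTP/1.1" 200 3120')

# Constructed sample data; addresses are from documentation ranges.
SAMPLE_LOG = "\n".join(
    [_line("198.51.100.7", s) for s in range(6)]        # one source, 6 attempts
    + [_line(f"203.0.113.{i}", 10 + i, path="/xmlrpc.php")
       for i in range(1, 9)]                            # 8 sources, 1 attempt each
    + [_line("192.0.2.10", 30, method="GET")]           # page view, not an attempt
)

def attempts(log):
    """Yield (ip, timestamp) for each POST to a WordPress login endpoint."""
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ip, ts, method, path = m.groups()
        if method == "POST" and path.split("?")[0] in LOGIN_PATHS:
            yield ip, datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")

def throttle_report(log, max_attempts=5, window=timedelta(minutes=5)):
    """Flag IPs reaching max_attempts within window; log must be time-ordered."""
    recent, per_ip, flagged = defaultdict(deque), defaultdict(int), set()
    for ip, ts in attempts(log):
        per_ip[ip] += 1
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:      # drop attempts older than the window
            q.popleft()
        if len(q) >= max_attempts:
            flagged.add(ip)
    under = sum(n for ip, n in per_ip.items() if ip not in flagged)
    return {"flagged": flagged, "sources": len(per_ip),
            "attempts": sum(per_ip.values()), "under_limit_attempts": under}

if __name__ == "__main__":
    print(throttle_report(SAMPLE_LOG))
```

On the sample, the single noisy source is flagged while the eight one-request sources stay under the limit and account for more than half of all attempts.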

Comments

  • MikeA Member, Provider

    They aren't charging to use it with a normal license?..


  • Francisco Top Provider
    edited December 2017

    Mine needs a hand off so it's likely a tiny bit slower, but they still allow some activity hitting the PHP file which is going to burn CPU.

    My system requires interaction with a challenge page which means that if the user isn't validated (a bot that would have to have manually developed ways to trigger it) would always get served a static .html page.

    It's for sure a step forward but I get mountains of different IPs slamming away. The amount of proxies and other such things is insane. Most of my shared nodes get around 30,000 hits per day with a few of the ones with controversial sites (adult, political, etc) over 100,000 per day.

    Francisco

  • vovler Member
    edited December 2017

    @MikeA said:
    They aren't charging to use it with a normal license?..

    You still need a LiteSpeed license to run LiteSpeed. It's not a WordPress plugin; it's supposed to be used to protect all websites in the server.

    Not sure if the feature will be or already is available in OpenLiteSpeed.

    Oh, yours asks for the challenge before even the first login attempt, right?

  • Francisco Top Provider

    vovler said: Oh, yours asks for the challenge before even the first login attempt, right?

    Correct.

    Francisco

  • Host4Geeks Member, Provider

    Hasn't ModSec been doing this for years?

  • @Host4Geeks said:
    Hasn't ModSec been doing this for years?

    In case you only read the title and the first paragraph.

    If anyone has any means of testing this, how would this perform against a modsecurity rule, would it use more or less resources?

    So to answer your question, YES. But it's not about which did it first, rather which is more efficient (in case you are running LSWS).

    Obviously using both at the same time is useless. And since this new feature is active by default, you should disable it or the ModSecurity rule.

  • Papi @Francisco the best.

  • ...and systemd ideology slowly infests everything else.
