i adjusted the settings on my Limit Login Attempts plugin again, so that the first attempted login as “admin” (or anything other than the correct login name) results in a 720 minute (12 hour) block, and the second attempted login results in a 672 hour (28 day) block…
and STILL i have an estimated 5 attempted logins per day, and about half of them are blocked for 28 days… 😮
and, not only that, but two IP addresses — both from baghdad — have been blocked a total of 18 times (one has been blocked 10 times, and one has been blocked 8 times) since i installed the plugin, about 6 months ago.
and, so far, nobody has guessed the correct login name. 😎 although there have been some fairly obvious attempts, and some attempts — like “QhYQFvutnN” and “DouglasSevy” — that make me wonder what is really going on…
the only user other than “admin” that i have blocked since 141208 has been “QhYQFvutnN” which is really bizarre… i wonder what makes… you know, never mind. forget i said anything.
if you try to login as “admin” you get two tries before you’re IP banned.
give it up… 😐
now that i am not so reliant on spamcop, i’ve bumped up my spam-fighting in some other ways that are proving to be rather interesting. the most recent item in this ongoing battle is that i have installed a plugin that limits login attempts for people whom i have not granted credentials to login. basically you get two attempts, and if your guesses are wrong, you are blocked from accessing the blog for an hour. at that point, you have two more tries, and if you fail those, you’re locked out for 2 days…
i figured that this wouldn’t be a problem for people who actually know the password, and it would be another major roadblock for people who think they can guess it (hint: don’t even bother).
i installed the plugin two days ago, and i’ve already gotten
four five IP addresses that have been blocked for 2 days… it’s actually kind of amusing to watch — i get an email every time someone fails to login, so i get to watch as they try and fail and get blocked… 👿
and, to be honest, i am not sure that 2 days is long enough… i think i’ll wait and see, but i’m thinking that 30 days is more like what i am trying to achieve here… 👿
effective IMMEDIATELY, my email address is NO LONGER @spamcop.net…
there has apparently been a pretty extreme change of attitude at Cisco (the owner of spamcop), resulting in two things that are very bad, both for me, and for the internet at large. the first is that they are no longer providing email service @spamcop.net, and the second is that they are arbitrarily deleting “false-positives” — a message that appears to be spam, but actually is a legitimate message — without allowing me to check and forward those messages which are legitimate.
the result is that i am NO LONGER receiving email @spamcop.net they SAY that they will forward “legitimate” mail for one year, but they also say that they will delete any mail which appears to be spam, according to their “Cisco reputation system”, which i know to occasionally find false positives among people who occasionally email me… so i HIGHLY RECOMMEND that, from now on, if you want to contact me personally, you send mail to salamandir at hybridelephant dot com (ganesha at hybridelephant dot com is still good for business related issues),
it’s been more than 10 years… it’s the end of an era. 🙁