Seems I have an ongoing attempt to get around an old vulnerability with the admin account from earlier versions (or works for any account just admin is only one useful or easily found?) . See https://portswigger.net/daily-swig/tiki-wiki-authentication-bypass-flaw-gives-attackers-full-control-of-websites-intranets
Someone keeps trying to login in to the admin account unsuccessfully. Thus disabling it. The only way I have found to re-enable the admin account is to edit the MySQL tables to clear out the flags and retry attempts. What are my options to keep this from happening? I have it set to disable an account after just 10 failed login attempts. They are disabling it again within hours of me re-enabling the admin account. The header of the email shows:
X-PHP-Script: h600.org/wiki/tiki-login.php for 22.214.171.124
Can I rename the admin account setup during the configuration? (Do not recall if the name is baked-into the code or not.)
I tried to block their IP address (126.96.36.199) for all services using the "Banning" feature but that does not seem to have any affect. Guess the login page service is not an included service. The IP is from St Petersberg, Russia.
I already changed the email address for the admin account as I was getting fake emails to the admin email through other software installed on the system (TNG). The fake emails are composed with garbage but a return email address given of revers at o5o5.ru Not sure if related.