Centrora Security™
[resolved] Why is whois.domaintools.com blocked? (6 posts)

  1. Dutchintouch
    Member
    Posted 1 year ago #

    I'm new to OSE Firewall, and wonder why I get countless emails telling me 'Malicious User Agent' whois.domaintools.com is blocked.

    Each instance has a different IP number associated with it, and those IP numbers are all over the place.

    http://wordpress.org/extend/plugins/ose-firewall/

  2. osexcel
    Member
    Plugin Author

    Posted 1 year ago #

    whois.domaintools.com is not blocked. The link shows you the IP information on whois.domaintools.com; it does not mean whois.domaintools.com is blocked.

    For the malicious user agent, please copy-paste the alert email here. We will take a look.

  3. Dutchintouch
    Member
    Posted 1 year ago #

    Ah, after applying some strong coffee I see that whois.domaintools.com simply gives me info about the IP number that was blocked.

    Cool.

    Here are some samples I get:

    ===Begin Quote===
    TYPE: Found Malicious User Agent
    DETECTED ATTACK VALUE: EMail Exractor
    ACTION: Blocked
    LOGTIME: 2013-02-21 06:29:30
    FROM IP: http://whois.domaintools.com/61.58.82.230
    URI: http://uniekewinkeltjes.com/about-unieke-winkeltjes
    METHOD: GET
    USERAGENT: EMail Exractor
    REFERRER: N/A

    TYPE: Found Malicious User Agent
    DETECTED ATTACK VALUE: Java/1.7.0_02
    ACTION: Blocked
    LOGTIME: 2013-02-22 02:40:04
    FROM IP: http://whois.domaintools.com/176.58.28.111
    URI: http://uniekewinkeltjes.com/26/pollux-cafe-restaurant
    METHOD: GET
    USERAGENT: Java/1.7.0_02
    REFERRER: N/A

    TYPE: Found Basic DoS Attacks
    DETECTED ATTACK VALUE: dDos Attack
    ACTION: Blocked
    LOGTIME: 2013-02-22 02:41:32
    FROM IP: http://whois.domaintools.com/38.113.234.181
    URI: http://uniekewinkeltjes.com/26/pollux-cafe-restaurant
    METHOD: GET
    USERAGENT: N/A
    REFERRER: N/A
    ===End Quote===

  4. osexcel
    Member
    Plugin Author

    Posted 1 year ago #

    Hi there

    The first two should be spammers that try to extract email addresses from your website and then spam your email box. The last one does not have a user agent, so it is suspicious. I would recommend leaving them as they are; no need to whitelist these IPs.

    Hope this helps. :)

  5. Dutchintouch
    Member
    Posted 1 year ago #

    Yes, it does. Thanks!

    That said, how are we to know whether or not to whitelist any blocked IPs? Or is it better not to worry about it?

  6. osexcel
    Member
    Plugin Author

    Posted 1 year ago #

    It is not necessary to worry about it. In the future release, we will add more functions and explanations so you can know whether they should be blocked permanently.

Topic Closed

This topic has been closed to new replies.
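
As an added example (not part of the thread and not the plugin's own code): a small Python parser for the alert layout quoted above. It recovers the blocked client address from the whois.domaintools.com link in `FROM IP` and treats `N/A` fields as missing. The sample alerts and the names `parse_alerts` and `blocked_ip` are constructed for illustration.

```python
import re
from ipaddress import ip_address
# Constructed sample in the alert layout quoted in the thread (documentation-range IPs).
SAMPLE = """\
TYPE: Found Malicious User Agent
DETECTED ATTACK VALUE: ExampleHarvester
ACTION: Blocked
LOGTIME: 2013-02-21 06:29:30
FROM IP: http://whois.domaintools.com/192.0.2.10
URI: http://example.com/about
METHOD: GET
USERAGENT: ExampleHarvester
REFERRER: N/A

TYPE: Found Basic DoS Attacks
DETECTED ATTACK VALUE: dDos Attack
ACTION: Blocked
LOGTIME: 2013-02-22 02:41:32
FROM IP: http://whois.domaintools.com/198.51.100.7
URI: http://example.com/page
METHOD: GET
USERAGENT: N/A
REFERRER: N/A
"""

FIELD = re.compile(r"^\s*([A-Z][A-Z ]*?):\s*(.*?)\s*$")

def blocked_ip(from_ip):
    """FROM IP is a whois lookup link; the blocked client is its last path segment."""
    try:
        return str(ip_address((from_ip or "").rstrip("/").rsplit("/", 1)[-1]))
    except ValueError:
        return None  # not an IP literal: report nothing rather than guess

def parse_alerts(text):
    """One dict per alert; a TYPE line starts a new record, 'N/A' becomes None."""
    alerts = []
    for line in text.splitlines():
        m = FIELD.match(line)
        if not m:
            continue  # blank lines and markers such as ===Begin Quote===
        key, value = m.groups()
        if key == "TYPE":
            alerts.append({})
        if alerts:
            alerts[-1][key] = None if value == "N/A" else value
    for a in alerts:
        a["BLOCKED_IP"] = blocked_ip(a.get("FROM IP"))
    return alerts
```

Calling `parse_alerts(SAMPLE)` returns two records; the second has `USERAGENT` set to `None`, the case the plugin author describes as suspicious.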
