• Resolved cousineddie

    (@cousineddie)


    Hi, I have geoblocking enabled in AIB and specifically Russia is listed as one of the countries however I still seem to be getting a lot of web spam from them? I have been reporting them manually via AbuseIPDB and the IP’s are confirmed as based in that country, often with a score of 100%, yet they still seem to be getting through? The manual reporting can be quite time-consuming. Is there any way I can make the block more effective using AIB? I actually only need/want to allow IP’s in the Australia and US range. Thanks

Viewing 7 replies - 1 through 7 (of 7 total)
  • Plugin Author IniLerm

    (@inilerm)

    Hi @cousineddie,

    Thanks for reaching out and using Advanced IP Blocker!

    If IPs from Russia are still getting through despite having the country selected in your Geoblocking list, it’s usually related to the specific Geolocation Provider you have configured in the plugin settings. IP allocations change constantly, and while AbuseIPDB might have a recent record mapping them to Russia, your currently selected provider or local database might be slightly outdated for those specific IPs.

    To help us investigate this:

    1. Could you please let us know which Geolocation Method and Provider you are currently using in the AIB Settings (under the IP Detection & Geolocation section)?
    2. Could you share an example of one of those IP addresses? We would love to test it directly against our geolocation engines to see why it bypassed the block.

    Regarding your question about only allowing Australia and the US: Currently, the Geoblocking feature operates as a Blocklist. To achieve an ‘Allowlist’ effect where ONLY Australia and the US can access your site, you would currently need to select every other country in the list and leave AU and US unselected. We understand this can be quite tedious to set up!

    However, this is a great use-case. We are going to note this down as a feature request to add a “Mode: Blocklist / Allowlist” toggle to the Geoblocking module in a future update, which will make this exact scenario much easier for you.

    Looking forward to your reply with the example IP so we can get this sorted out!

    Thread Starter cousineddie

    (@cousineddie)

    Recent IP’s reported as spam from .ru domains:

    195.2.84.198 , 178.20.47.39 , 84.54.44.19

    Method: Real-time API

    API provider: IP-API.com

    thanks

    Plugin Author IniLerm

    (@inilerm)

    Hi @cousineddie,

    Thank you so much for providing the exact IP addresses and your configuration details. This helped us pinpoint the exact issue immediately!

    We tested the IPs (195.2.84.198, 178.20.47.39, 84.54.44.19) and they are indeed correctly mapped to Russia (Moscow). The reason they bypassed the block on your site is due to API Rate Limiting.

    Because you are using the Real-time API method with IP-API.com, you are subject to their free-tier limit of 45 requests per minute. When your site experiences a burst of traffic or a wave of spam bots, the API limit is quickly exhausted. Once that limit is reached, the API returns an HTTP 429 (Too Many Requests) error. When AIB cannot fetch the country data due to this error, it defaults to letting the connection through to prevent locking out legitimate visitors.

    The Solution for High-Traffic / Spam Waves: We highly recommend switching your Geolocation Method from “Real-time API” to “Local Database”. This processes all IPs locally on your server—meaning zero rate limits, zero API latency, and 100% block accuracy during high-traffic spikes.

    How to set it up:

    1. Go to AIB Settings -> IP Detection & Geolocation.
    2. Change the method to Local Database.
    3. Create a free account at MaxMind to get a MaxMind License Key and paste it into the settings.
    4. Wait a few minutes for the databases to download (you should see GeoLite2-City, GeoLite2-Country, and GeoLite2-ASN show as “Installed”).
    5. Finally, click the “Clear Location Cache” button.

    Regarding your request to only allow Australia and the US: While it is technically possible to select every other country in the blocklist to create an “Allowlist”, we strongly advise against this approach for a few critical reasons:

    1. Broken Third-Party Services: Many essential services (Payment Gateways like Stripe/PayPal, Uptime Monitors, SEO crawlers, and API webhooks) route their traffic through data centers in Europe or other unexpected regions. Blocking the rest of the world will likely break these integrations.
    2. Database Bloat: Blocking 200+ countries will generate an enormous amount of blocked IP records in your database, which can become resource-intensive and bloat your server over time.

    The Recommended Best Practice: Instead of blocking the entire world, use Hard Blocks strictly for known high-risk countries (like Russia) where you never expect legitimate traffic. For other broadly suspicious regions, use the AIB “Geo-Challenge” feature instead. The JavaScript challenge will instantly stop automated spam bots from those countries without bloating your database with block logs, while still allowing legitimate human visitors or advanced verified services to pass through harmlessly.

    Let us know how the Local Database works out for you!

    Thread Starter cousineddie

    (@cousineddie)

    You are most welcome. I have updated AIB as suggested and will let you know how it goes. Thanks again

    Thread Starter cousineddie

    (@cousineddie)

    So its been a few days since I updated AIB settings as per your suggestion and I have had 14 spam webmail. Thats about the average but maybe even more than I was getting before. I noticed they were all from 3-4 same IP’s one of which was a Netherlands domain so I have added that country to my geoblock locations too.

    Plugin Author IniLerm

    (@inilerm)

    Hi @cousineddie,

    Thanks for the update and for keeping an eye on the logs!

    What you are experiencing is a very common scenario. It’s important to differentiate between malicious traffic (which Advanced IP Blocker excels at stopping, such as brute-force attacks, vulnerability scanners, and malicious bots) and form spam.

    Form spam is often submitted by human “click-farms” or sophisticated bots using clean, residential IPs that are not on any global blacklists. Because these IPs are technically “clean” and they mimic normal browsing behavior, a firewall or GeoIP blocker will naturally let them through (unless you block their specific country, as you just did with the Netherlands, which is a great move!).

    To effectively stop webmail spam, you need a defense-in-depth approach. Advanced IP Blocker protects your server infrastructure, but for forms, we highly recommend adding a dedicated Anti-Spam or CAPTCHA layer directly to your contact form (like Contact Form 7, WPForms, etc.).

    Here are a few quick recommendations to stop those 14 spam emails:

    1. Add a CAPTCHA to your form: Integrating Cloudflare Turnstile (which is free and invisible) or Google reCAPTCHA v3 into your forms will immediately drop bot submissions without blocking legitimate users.
    2. Use Akismet: If you use a compatible form plugin, Akismet is incredibly good at analyzing the content of the message and flagging it as spam before it reaches your inbox.
    3. Manual Blacklisting: Since you noticed they come from the same 3-4 IPs, you can add those specific IPs directly to the Local Blacklist (ALLOW/BLOCK rules) in Advanced IP Blocker to ban them permanently.
    4. Email Scraping: Please ensure your actual email address is not exposed in plain text on your website’s HTML. Sometimes bots just scrape your email and send spam directly from their own mail servers, bypassing your website’s contact form entirely!

    Advanced IP Blocker is doing its job keeping your site secure from hackers, but combining it with a good CAPTCHA on your contact page will give you the ultimate peace of mind against spammers.

    Let us know if you need help configuring any specific IP blocking rules!

    Best regards,

    AIB Team

    Thread Starter cousineddie

    (@cousineddie)

    Thankyou!

Viewing 7 replies - 1 through 7 (of 7 total)

You must be logged in to reply to this topic.