HI,
If it is not listed under the whitelist, then it may be a private IP that we don’t block. What numbers do the IP address start with? Possibly 10, 172, or 192?
Thanks!
Brian
69.63.188.206 is Facebook, according to lookup?
@mountainguy2
It appears so, but it cannot be blocked for some reason?
In what Wordfence setting are you attempting to block this IP?
@mountainguy2,
I have tried all ways without success.
And the other BIG problem of course is that spammers and hackers using various dynamic ip addresses and using sites which I have links on, to attack the site.
The issue with that is if you block each event; you end up blocking innocent visitors who fall with the spammers ip range.
Regards,
Rik, if you really want to block a single IP address from your website, just do it with your .htaccess file or your server firewall. You can also put it in your blacklist in WordPress/Discussion/Settings if you’re getting pestered by a single spammer and don’t want to fiddle with .htaccess and stuff like that.
In Wordfence, country blocking can be very effective at reducing spam attempts, in my experience. I’m told that in places such as Brazil and India they have what are virtually spam factories, with hundreds and even thousands of people paid to just sit there all day and try to spam us. I don’t need traffic from Brazil, so I block, then give access to individuals who request it by contacting me on Facebook, using the Wordfence options.
I have a high traffic blog website and don’t require registration for comments, and only get one or two spam comments a week. I don’t use a specific anti-spam plugin. Instead, I use moderation blacklist combined with country blocking (Wordfence Premium), other Wordfence settings, and a challenge question the comment author has to answer, like “what color is the sky?” to block most bots and human spam slaves who sometimes can’t even understand English. I use pretty strict settings in Wordfence to block the bot swarm, as well as a honey pot system (hidden link to a non-existent file, Wordfence blocks any IP which tries to access.)
Interestingly, now that I’ve got the spam bots under control my biggest problem is a large number of attack hits on my SFTP and Control Panel logins, things that Wordfence does nothing to help with but I trust will eventually be integrated. These are more than ugly comment spam, they are attempts to make a security breach.
MTN
@mountainguy2
Thanks for that, most helpful 😉
I’ll try what you suggest and hopefully get it under control.
I guess I worry that I may block people who want to visit the site so using Country blocker is a problem
Again, many thanks for you time in posting 😉
Indeed, some websites indeed have truly international appeal and country blocking would be inappropriate, but most websites in my opinion can do with some country blocking, just base it on analyzing where your spam attacks come from and be realistic about where you expect to get site traffic from. Also, you can easily tweak the block messages and add a suggestion that users contact you on Facebook if they get blocked and want access. You can then give them the secret WF URL that drops a cookie on their computer and gives them access. It actually can add a personal touch that can gain you readers/fans.
Some folks don’t understand that we pay money for bandwidth, and will accuse you of things like xenophobia and such when they get country blocked. Just tell them to go ask the hackers in their country to stop attacking us.
Plus, once you get a look at your server you’ll see a whole other level of attacks that Wordfence has nothing to do with. Again, country blocking can be a good way of limiting some of this.
Currently, I’ve heard that upwards of 30% of web traffic is criminal or otherwise useless bot traffic, and that traffic uses the equivalent of 1/2 the electrical output of the UK. Greenhouse gas, anyone?
MTN
Hi,
Catching up here — for the original issue above, known Facebook IPs were recently added to the internal whitelist (the change had a small mention in our changelog here), to help prevent unintentional blocking on sites that have set strict rules, especially since Facebook is crawling from multiple countries now.
@mountainguy2: Thanks again for helping out! By the way, for attacks on SFTP/SSH, installing “fail2ban” might be helpful, if you’re not already using it. It monitors logs for login failures and uses iptables to block bad IPs from various services (usually not HTTP, without customization though).
-Matt R
Thanks Matt, I’m gradually getting better at using my server firewall that the hosting company standardizes with, CSF. I set it up to ban by IP number after just 2 or 3 login failures in an hour. With super secure passwords on FTP and SSH that can’t be guessed, I’m thinking this is working pretty well. It actually acts as a honey pot. I also set up a bunch of full country blocks on the FTP/SFTP ports, those are incredibly effective in preventing criminals from trying to access FTP.
I know this is a bit off topic for this thread, but to swing back on topic, I’d suggest two things:
1. Once anyone gets serious about website security and using Wordfence for IP blocking, it’s a good idea to check with server hosting company to see what kind of firewall they’re using and if you can configure it yourself.
2. As a feature request… it seems so 1980s to be spending tons of time with Wordfence, only to find it does nothing to help with attacks on server login, and instead the poor beleaguered website owner has to learn yet another application. So, someday, will we have one place to go for all firewall/security settings? Wordfence-Ultimate?
