Support » Plugin: iThemes Security (formerly Better WP Security) » Ban User Agents – not working

  • I am getting site lockout notification emails from IP addresses starting with the same 6 numbers but the last 5 or 6 numbers are different each time. The IP Address tracker shows that it is coming from the same location for all site lockouts….so, I banned the IP address in the “Ban User Agents” field using this configuration since the first 6 numbers are always the same: ###.###.*.* but I am still getting site lockout notification emails from the exact same IP addresses again.

    When I save changes the IP address range changes to: ###\.###\.\*\.\*
    Is this what should happen?

    What else can I do to ban this range of IP addresses from my website?

    http://wordpress.org/plugins/better-wp-security/

Viewing 10 replies - 1 through 10 (of 10 total)
  • Place it in the ban hosts field..

    I think the slashes are showing up cuz of a zero you’re putting in there..

    For instance,

    55.555.55.55 – To block the last 2 ranges, put this line in – 55.555.*.*

    Whenever you use the wildcard (*), make sure that is the only thing between the periods (no other #s).

    Thread Starter vickyj

    (@vickyj)

    No zeros where added in the IP Address. I went in to re-enter the IP address range as you suggested 555.555.*.* (which is what I did originally anyway). I noticed that the “Ban User Agents” field now looks like this (I changed the real numbers with 555):

    555\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\.555\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\.\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\*\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\.\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\*

    Each time I click “Save Changes” it adds more back slashes – very odd, and I have not added any zeros.

    Thread Starter vickyj

    (@vickyj)

    I have added the IP address range into the “Ban Hosts” field so hopefully this will work. Thanks for redirecting me to the correct field. I mistakenly took the instruction above the Ban User Agents field for being the place where the IP address ranges should be entered….ooops, although now I am wondering what a “User Agent” is?

    I see that you are still placing the IP range in the user agent box. Place the IP range in the “ban hosts” box above it. 1 IP range per line.

    ha, nevermind.. didn’t see your follow-up post.

    no clue what the user agent field is.. haven’t found any info on it myself.

    Thread Starter vickyj

    (@vickyj)

    Thank you seriousthings. All fixed now. BTW: I left the IP range on one of my multisites still in the “Ban User Agents” field – which I shouldn’t have and it shut down my entire network of 51 sites giving 403 forbidden errors. The hosting company fixed it and once I could get back in I deleted all content in the Ban User Agents field. I think the author should give some further instruction on this field.

    I’m posting both specific IP addresses and ranges with wildcards in the banned host box and still getting both 404 errors and banned login attempts from the same exact IP addresses – most from China.

    On a couple of sites, I’m finding the same addresses attempting admin or nonsensical logins time and time again. Is there something with the “banned” menu that I”m missing? Like some of the others above, I’m not seeing this particular function working at all.

    There is an obvious bug because others have reported it on this board too.. and I just had one yesterday. No idea how they get through.. check your htaccess file to make sure the IPs are getting added?

    It does block them as my site is way down in 404s. As for the admin logins, use the “hide” tab.. change your login page to something else. The admin login attempts vanished once I changed that. Don’t forget what you changed it to tho and make sure you are whitelisted. 🙂

    Here try this list – I’ve been focusing on my list for the last month. Most (if not all) of the ranges that are blocked are hosting services. :-/

    101.108.138.187
    103.246.244.143
    106.169.49.21
    107.158.23.*
    107.2.168.255
    107.6.144.230
    108.163.*.*
    108.178.*.*
    108.240.137.118
    109.232.224.132
    109.254.19.34
    109.75.111.131
    109.91.66.79
    113.163.125.26
    113.212.69.132
    115.137.211.205
    117.102.121.3
    118.137.244.61
    120.61.38.165
    125.163.192.106
    125.253.121.210
    128.30.52.*
    130.185.156.219
    130.204.48.184
    136.145.181.36
    14.192.210.79
    142.0.38.94
    142.4.*.*
    142.91.*.*
    144.76.109.109
    149.154.158.71
    151.237.186.*
    151.237.186.114
    159.224.32.81
    162.213.218.153
    165.231.14.68
    172.240.27.*
    172.241.216.25
    172.245.*.*
    172.246.198.194
    173.0.49.248
    173.0.56.238
    173.208.152.42
    173.213.*.*
    173.232.*.*
    173.232.105.161
    173.236.37.83
    173.255.233.124
    173.63.150.50
    174.36.211.156
    176.31.45.172
    176.61.141.243
    178.150.149.79
    178.151.60.164
    178.158.214.36
    178.19.99.107
    178.206.203.40
    178.207.5.197
    178.207.76.41
    178.213.108.56
    178.254.160.30
    178.33.181.40
    179.43.137.167
    179.43.141.167
    180.180.121.56
    180.47.51.42
    181.15.186.10
    184.154.*.*
    184.82.*.*
    185.24.218.20
    185.38.248.223
    186.109.80.132
    188.143.*.*
    188.165.255.128
    188.232.121.144
    188.240.143.170
    188.249.203.74
    190.196.67.98
    190.248.128.238
    190.43.235.68
    192.116.63.161
    192.119.*.*
    192.157.251.166
    192.184.95.121
    192.187.110.203
    192.227.*.*
    192.3.*.*
    192.40.94.69
    192.73.239.97
    192.99.11.*
    192.99.12.*
    193.17.208.73
    193.242.108.25
    193.242.149.35
    195.39.253.22
    196.196.16.*
    198.100.144.92
    198.143.135.*
    198.143.165.*
    198.143.165.117
    198.15.78.*
    198.167.136.242
    198.20.70.*
    198.23.135.150
    198.27.126.*
    198.27.64.*
    198.46.130.190
    198.50.192.*
    198.52.202.207
    198.71.91.194
    199.119.225.*
    199.119.226.*
    199.119.227.*
    199.15.233.*
    199.168.185.187
    199.180.128.*
    199.180.129.*
    199.180.130.*
    199.180.131.*
    199.180.132.*
    199.180.133.*
    199.180.134.*
    199.180.135.*
    199.188.75.*
    199.193.255.243
    199.89.54.11
    200.58.114.31
    201.216.252.177
    201.59.158.178
    202.217.72.80
    203.78.36.245
    203.81.77.46
    204.68.120.173
    208.177.76.*
    208.39.105.118
    208.89.212.*
    208.89.213.*
    209.114.36.166
    213.251.189.*
    216.107.159.136
    216.189.55.*
    216.194.21.227
    216.244.78.165
    216.38.216.101
    217.12.199.*
    217.69.133.*
    217.7.78.188
    217.96.18.163
    218.159.195.251
    23.19.132.*
    23.226.224.137
    23.229.67.*
    23.231.103.151
    23.231.5.*
    23.231.7.*
    23.81.65.186
    23.88.104.*
    23.90.4.*
    23.94.*.*
    27.120.120.112
    31.192.104.70
    31.43.56.149
    31.6.71.75
    37.142.196.93
    37.203.208.81
    37.203.212.170
    37.215.204.11
    37.45.16.145
    37.57.25.225
    37.59.204.84
    37.59.71.183
    37.9.53.*
    39.55.248.49
    41.140.188.119
    41.34.132.241
    41.77.1.32
    46.105.156.228
    46.19.136.212
    46.195.106.83
    46.249.58.117
    46.29.252.6
    46.4.36.136
    5.10.83.*
    5.135.*.*
    5.135.240.55
    5.149.248.84
    5.149.253.45
    5.157.45.180
    5.22.130.32
    5.39.44.*
    50.11.206.33
    50.115.166.*
    50.115.167.*
    50.115.168.*
    50.115.169.*
    50.115.170.*
    50.115.171.*
    50.115.172.*
    50.115.173.*
    50.115.174.*
    50.115.175.*
    50.2.*.*
    50.23.131.196
    50.31.114.173
    50.56.58.47
    50.57.187.162
    50.57.68.14
    50.83.131.100
    54.204.97.100
    54.221.24.129
    54.226.207.36
    58.8.145.68
    59.182.182.177
    61.7.181.48
    62.122.100.90
    62.97.234.218
    63.141.248.44
    63.99.198.162
    64.188.47.188
    64.250.203.51
    64.37.54.199
    66.214.152.189
    66.248.193.212
    67.159.44.55
    67.87.186.83
    68.142.232.5
    68.230.4.2
    69.132.166.253
    69.15.235.189
    69.163.37.35
    69.175.*.*
    69.26.164.69
    69.41.14.*
    69.46.76.27
    70.140.54.174
    71.177.252.213
    71.200.49.238
    71.55.99.248
    72.167.232.75
    74.221.215.*
    74.221.215.60
    74.221.220.*
    75.127.15.137
    75.148.10.249
    76.164.195.*
    76.164.208.*
    77.122.1.178
    77.204.204.156
    78.128.94.123
    78.46.14.2
    79.176.25.195
    8.36.225.139
    8.36.225.196
    80.78.236.2
    80.79.122.140
    82.139.10.124
    84.125.4.160
    85.115.224.*
    85.17.155.130
    86.54.119.226
    86.57.191.33
    87.112.223.239
    87.117.252.41
    87.119.213.20
    87.252.227.135
    87.68.244.147
    88.135.234.222
    88.146.243.121
    88.200.136.197
    88.208.235.90
    88.8.23.185
    89.65.244.169
    89.77.107.125
    91.108.183.98
    91.121.28.133
    91.124.153.50
    91.189.219.107
    91.200.14.60
    91.210.103.188
    91.239.15.173
    93.115.84.195
    93.79.129.17
    94.23.*.*
    94.23.153.79
    95.141.20.200
    95.211.192.202
    95.42.245.207
    95.67.182.177
    96.127.149.211
    96.127.189.213
    96.249.235.193
    96.25.45.119
    96.38.67.184
    97.74.24.6
    97.79.239.37
    98.14.80.96
    98.254.230.177
    99.157.22.9
    99.178.82.100
    99.194.100.10

    Ah, think this may be the issue. None of the reported IP addresses are listed in the .htaaccess file? Have I missed something on configuring this plugin to add those?

    look at #12 and #17 on the Dashboard tab..

    Mine says,
    Your .htaccess file is fully secured.
    Better WP Security is allowed to write to wp-config.php and .htaccess.

Viewing 10 replies - 1 through 10 (of 10 total)
  • The topic ‘Ban User Agents – not working’ is closed to new replies.