Blacklist not working – locked out IP still coming through – Brute Force Attack

Resolved hooohn
(@hooohn)

6 years, 5 months ago
Hi there!

The following issue occurs:
1. I get Site Lockout Notifications:
```
A lockdown event has occurred due to too many failed login attempts or invalid username:
Username: admin
IP Address: 195.22.126.221

IP Range: 195.22.126.*

Log into your site's WordPress administration panel to see the duration of the lockout or to unlock the user.
```
2. I add IP address and IP range to blacklist
3. next day, I get another Notification, that the same IP tried to login
Checking the htaccess file, the IP was written in there correctly:
```
<IfModule !mod_authz_core.c>
Order allow,deny
Allow from all
Deny from 195.22.126.0/24
Deny from 195.22.126.221
...
<IfModule mod_authz_core.c>
<RequireAll>
Require all granted
Require not ip 195.22.126.0/24
Require not ip 195.22.126.221
```
I saw in the forum some threads unsolved with similar issues – is there a solution at hand now?

I shy away from buying country-blocking add-on etc. if I must fear it is not working properly…

thx for support, brute force is increasing!

Viewing 10 replies - 1 through 10 (of 10 total)

Plugin Contributor mbrsolution
(@mbrsolution)

6 years, 5 months ago

Hi, is your issue similar to the following support thread issue reported in the forum?

Thread Starter hooohn
(@hooohn)

6 years, 5 months ago

Basically yes, only this is about the blacklist, not the whitelist feature.

So you recommend to wait for the next bugfix release of the All In One WP Security & Firewall plugin?

Plugin Contributor mbrsolution
(@mbrsolution)

6 years, 5 months ago

If it is similar to your issue then you should wait until the next version is released. Then you should be able to see if it is resolved or not.

Kind regards

Thread Starter hooohn
(@hooohn)

6 years, 5 months ago

For the sake of completeness, this is the relevant Apache version:
2.4.6-45.el7.centos.4

Does this match your expectation?

Thread Starter hooohn
(@hooohn)

6 years, 4 months ago

Problem remains after update…

please help

Plugin Contributor mbrsolution
(@mbrsolution)

6 years, 4 months ago

Hi, do you one of the following features enabled? This is located under WP Security -> Firewall -> Basic Firewall Rules. If you don’t can you enable Completely Block Access To XMLRPC.

Completely Block Access To XMLRPC:
Disable Pingback Functionality From XMLRPC:

Regards

Thread Starter hooohn
(@hooohn)

6 years, 4 months ago

Thanks for your answer @mbrsolution.

Indeed I have Disable Pingback Functionality From XMLRPC enabled, I use Jetpack and the WP Mac App to monitor the site(s).

As I understood the comments above, there was to come a whitelist bugfix for some Apache servers that was supposed to help fix this blacklist issue.

Any news on this?

Do you suggest to use the Completely Block Access To XMLRPC function as a workaround? I don’t quite see the connection between XMLRPC and the blacklist feature?!

Thank you

Plugin Contributor mbrsolution
(@mbrsolution)

6 years, 4 months ago

Yes I do encourage to use Completely Block Access To XMLRPC function. Many hackers nowadays try to get through via the xmlrpc.php file.

Plugin Contributor wpsolutions
(@wpsolutions)

6 years, 4 months ago

Hi @hooohn,
Yours sounds like a similar situation to this one which I just replied to:
https://wordpress.org/support/topic/404-detection-reoccurrence-blacklisted-ips/

Regarding the .htaccess rules, I also recommend that you ask your server support guys to explain why they are seemingly being ignored on your server.

Thread Starter hooohn
(@hooohn)

6 years, 4 months ago

Hi @wpsolutions,
thx, I will check with the hoster and post any reply here

Hi @mbrsolution,
ok got it, while not sure how to deal with Jetpack

Viewing 10 replies - 1 through 10 (of 10 total)

The topic ‘Blacklist not working – locked out IP still coming through – Brute Force Attack’ is closed to new replies.

Tags