Support » Plugin: Loginizer » Blacklisted my own IP

  • Resolved obbs

    (@obbs)


    Earlier today I blacklisted a number of IPs that had been brute-forcing my login page. To do this I logged-in as admin, went to Loginizer -> Brute Force in the Dashboard, selected the IPs and added them to the blacklist.

    Now when I try to log in to my site again, I immediately get the message that my IP address is blacklisted. To be clear however, my IP address is *NOT* in the list that I blacklisted.

    I think I also noticed earlier that when the admin account was in lockout (because that’s the account that the attacker(s) are trying to break into, obviously), I also could not log in myself, even though the attacker(s) are using different IP addresses (as evidenced by the contents of the wp_loginizer_logs table).

    This is a nice plugin, but there’s something not quite right with how it decides which IP addresses it lets through.

    Or am I doing something wrong?

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Contributor loginizer

    (@loginizer)

    Hi,

    Sorry for the inconvenience caused.

    If your IP is blocked you can use Sign On feature in Softaculous to get to your WordPress admin panel :
    https://www.softaculous.com/docs/enduser/sign-on/

    or if Softaculous is not available you can refer to the following guide to temporarily disable the plugin and then after you are logged in you can enable the plugin back :
    https://loginizer.com/docs/configuration-and-settings/disabling-the-loginizer-plugin-if-you-are-locked-out/

    Regarding the issue that your IP was blacklisted can you please go to WordPress admin panel -> Loginizer -> Dashboard and check the value for “Your IP Address” is that detected correctly ? Also is “Your IP Address” and “Server’s IP Address” the same ?

    If the IP is not detected correctly you can use the “Method” dropdown to configure the method which should be used to detect your IP.

    Do let us know if you still face the issue.

    Thread Starter obbs

    (@obbs)

    Thanks, the issue indeed was that the client IP address was detected incorrectly, so I was blacklisting the proxy servers connecting to my site, not the actual clients. I was blocked from logging in because my request went through a proxy that I had blacklisted.

    The solution was to go to the Loginizer Dashboard and change the IP detection Method to “Custom” and “CF-Connecting-IP”. The other methods all returned the proxy server’s IP address rather than my client’s.

    I had read the instructions for configuring Loginizer, and I don’t remember coming across an explanation of how to correctly set the IP detection Method (but I was drinking from the fire hose at the time, a lot to learn). If it is there, perhaps it’s not prominent enough in the documentation?

    About logging in via the Softaculous WordPress Manager app: note that this also does not work for the same reason (IP of proxy was blacklisted). The only workaround was to disable Loginizer by renaming the directory. Also note that just renaming the directory after successful login does not work: I found the plugin deactivated and also had to reactivate it from the WP -> Plugins page.

    I like the plugin though, it’s adequate, simple and does the job (so far at least).

    Cheers.

    Plugin Contributor loginizer

    (@loginizer)

    Glad to know your issue was resolved.

    It seems the IP method configuration is not mentioned in the documentation and Loginizer takes the default value for IP detection. We will add this to our docs to avoid this issue in the future for other users.

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Blacklisted my own IP’ is closed to new replies.