Support » Plugin: NinjaFirewall (WP Edition) - Advanced Security Plugin and Firewall » Blocked Country But Not Showing In The Logs

  • Resolved Jungle Tiger

    (@jungletech)


    I have blocked some countries, however they are not showing as the firewall is blocking them in the logs. I also still show the traffic hits in my google analytics.

    Is there some other setting that needs to be changed so it actually starts blocking?

    Otherwise this premium version is useless without these features working.

    https://wordpress.org/plugins/ninjafirewall/

Viewing 8 replies - 1 through 8 (of 8 total)
  • Plugin Author nintechnet

    (@nintechnet)

    Hi,

    In the Access Control page, below the “Available Countries” list box, ensure that the “Log event” checkbox is enabled (it is by default).

    Then you can perform some tests:

    Test #1:
    1. Go to http://www.locabrowser.com (or other similar sites).
    2. Enter your blog URL and select one or more countries.
    3. Go to NinjaFirewall Access Control page and block those countries.
    4. Go back to locabrowser.com and click on “Go”.
    Then, check the results. Were you blocked?
    Check also the firewall’s log.

    Test #2:
    1. Go to NinjaFirewall’s “Firewall Options” page.
    2. Enable “Debugging mode”. The firewall will not block anyone, but will keep writing to its log as usual.
    3. Go to the Access Control page and block some major countries (US, Canada, Russia, China, France, Germany, UK etc.
    4. Wait until your site gets some traffic and check the firewall’s log. Do you see anything?
    5. To undo the above, remove the countries from the blocked list first, and then afterwards disable the debugging mode.

    Thread Starter Jungle Tiger

    (@jungletech)

    So I have tested it and it shows that it is blocking. However I am still getting hits in my analytics from counties that are blocked.

    In fact all the sessions I have had today should have been blocked, as the country that analytics shows is one of the blocked countries.

    The firewall logs do not even show the traffic that should have been blocked. I also checked the server access logs by IP and none of the accessed IP’s where in the country that was blocked (other than my tests). Maybe the traffic I am seeing is spamming google directly?

    Plugin Author nintechnet

    (@nintechnet)

    Yes, it looks like they hit Google servers directly. They send your Google ID and they spoof your domain name in the referrer header. That is very easy to do and often used by referrer spammers.
    If they accessed your site, NinjaFirewall would kick them out.

    Thread Starter Jungle Tiger

    (@jungletech)

    Ok, I deleted my google tracking profile for that web domain and replaced it with a new tracking profile. I will see if that helps.

    Next Question: I was using IP Ban to ban a large list of IP Addresses. I have both ranges like this:

    103.4.8.0-103.4.15.255
    107.20.0.0-107.23.255.255

    and single ones, as well as wildcards like this:

    54.210.145.*
    54.237.51.154

    Can I just copy these into the firewall config as is or do I need to change or adjust them?

    Plugin Author nintechnet

    (@nintechnet)

    It requires a full or partial IP.
    See the examples in the documentation page to understand how it works.

    To block 103.4.8.0 to 103.4.15.255, enter:
    103.4.8.
    103.4.9.
    103.4.10.
    103.4.11.
    103.4.12.
    103.4.13.
    103.4.14.
    103.4.15.

    To block 107.20.0.0 to 107.23.255.255, enter:
    107.20.
    107.21.
    107.22.
    107.23.

    To block 54.210.145.*, enter:
    54.210.145.

    To block 54.237.51.154, enter:
    54.237.51.154

    Thread Starter Jungle Tiger

    (@jungletech)

    Thank you. The change in tracking code seems to have worked. And for now I am just going to ignore the blocked ip list and see if it is still needed.

    Last question: What is the performance hit on country / ip block? Will this slow my website down a bunch?

    Plugin Author nintechnet

    (@nintechnet)

    We did several benchmarks and did not notice any difference.
    It is highly unlikely you’ll notice any performance hit.

    Thread Starter Jungle Tiger

    (@jungletech)

    Ok, Thanks

Viewing 8 replies - 1 through 8 (of 8 total)
  • The topic ‘Blocked Country But Not Showing In The Logs’ is closed to new replies.