Support » Fixing WordPress » Blocking IP Address from accessing website

  • mayank29gupta

    (@mayank29gupta)


    I am looking for ways to block a person from accessing my WordPress website. I am hoping to block his ip address if possible but his ip address seems to be different every time he visits website. Check ip below for example

    2401:4900:b84:dc68:0:42:3674:8f01

    2401:4900:2e8f:2678:0:56:1e1c:5f01

    2401:4900:2e9e:d54a:0:67:4977:1601

    2401:4900:2e8f:2678:0:56:1e1c:5f01

    Is there a way to block this person?

Viewing 15 replies - 1 through 15 (of 15 total)
  • Moderator James Huff

    (@macmanx)

    Volunteer Moderator

    mayank29gupta

    (@mayank29gupta)

    Dear @macmanx

    Thanks for the reply. Its actually one person but his IP Address seems to change every time perhaps because he is accessing website via android phone. What to do in such case?

    Moderator James Huff

    (@macmanx)

    Volunteer Moderator

    Hm, is there anything in particular this person is doing? Perhaps we could suggest something that targets the behavior.

    mayank29gupta

    (@mayank29gupta)

    Dear @macmanx thanks for the reply.

    This guy is doing literally everything. I have a small woocommerce site with blog. He is placing fake cash on delivery orders and irritating chat support on my website and he is also posting spam link in blog comments.

    All this because he wanted a certain thing for a discount that was not possible.

    Because he is using different emails and names for orders and chats, I just can’t block him out.

    I was hoping to block his IP but even that is changing.

    Moderator James Huff

    (@macmanx)

    Volunteer Moderator

    Hm, yeah the IPs are definitely from a mobile provider in India.

    Having dealt with harassment like this before, there’s not much you can do that I’m aware of. Eventually they get tired of it and leave.

    Also though, eventually they’ll run out of IPs (unless they start using VPNs or Tor, not many bother with that extra step).

    Were it me, I’d use https://wordpress.org/plugins/banhammer/ and keep banning the IPs until they stop. If they do switch to Tor, you can use the pro version of that plugin to block Tor’s user-agent entirely.

    I’ll pass this over to my colleagues too, perhaps they some ideas as well.

    mayank29gupta

    (@mayank29gupta)

    Dear @macmanx I will try what you have suggested. Also wanted to know if it’s normal for IP address from mobile to change so frequently. And will it keep changing every time he visits my website.

    Moderator Ipstenu (Mika Epstein)

    (@ipstenu)

    πŸ³οΈβ€πŸŒˆ Plugin Review Team Rep

    So short of blocking everything from India (which you can do) there’s not a whole lot else πŸ™ And it’s not cheap to do it. Cloudflare, just as an example, offers GeoBlocking on the Enterprise level only.

    Edited to say : If there are common traits in the purchases, like addresses or what not, you can filter for that and block them.

    Moderator James Huff

    (@macmanx)

    Volunteer Moderator

    Also wanted to know if it’s normal for IP address from mobile to change so frequently.

    Yes, basically each cell tower has its own IP or set of IPs. So, this person’s IP will definitely change depending on where they are, but there is a limit to the IPs.

    mayank29gupta

    (@mayank29gupta)

    Dear @ipstenu thanks for the reply. My website is Indian based so i can’t really block everything from India.

    There is nothing common in purchases that I have figured so far. Guy seems to use correct addresses and different names each time. Only when I call to confirm order is when I find out that order is fake because either mobile no doesn’t work or it belongs to someone else.

    carike

    (@carike)

    @mayank29gupta
    Allowing Cash on Delivery Orders can be somewhat risky.
    Is there a particular reason that you are allowing Cash on Delivery?
    Do you have a payment gateway plugin installed?

    I would disable Cash on Delivery orders.
    That way, if there are charge-backs, at least you have recourse.

    carike

    (@carike)

    For the other two problems you mentioned:

    > he is also posting spam link in blog comments.

    You can change your comment settings so that comments from users who do not have a previously approved comment are held for review.
    You can also hold comments for review that contains one or more links.

    > and irritating chat support on my website

    Training is your best solution there.
    You can explain to your chat support agents how to gracefully end a chat.

    Moderator Ipstenu (Mika Epstein)

    (@ipstenu)

    πŸ³οΈβ€πŸŒˆ Plugin Review Team Rep

    My website is Indian based so i can’t really block everything from India.

    Ouch.

    Some plugins that MAY help:

    There is nothing common in purchases that I have figured so far.

    Look into their emails? There’s usually some pattern to be found in their daftness.

    What follows is some PERSONAL advice that is in no way official. I AM NOT A LAWYER!

    Since this is a prior customer, I would hire a lawyer and see if you can get a legal injunction banning him from your site. While there is a low chance of this being fully enforceable, you will then have what is called precedent, which will allow you to seek compensation for damages. In other words, you want to look into if you can sue him for this.

    As I am not a lawyer, I can’t go further into the details. In the US, that’s generally where things have to go to get people like this to stop being a total waste of of air, and even then it ends pretty badly most times. But putting the money into a lawyer will be the best bet if you cannot stop him from a technical angle.

    (Sadly the Internet is not great about stopping people like this)

    dougaitken

    (@dougaitken)

    Automattic Happiness Engineer

    Hey @mayank29gupta !

    Oh no, I’m so frustrated for you with this whole scenario!

    I support the WooCommerce plugin so I wanted to drop a few suggestions here on top of the great advice already given – permit me if something has already been done/suggested and I’m repeating myself.

    * Uncheck the top Guest checkout option under WooCommerce > Settings > Accounts and Privacy – “Allow customers to place orders without an account ” – this means everyone will be “forced” to make an account on your site. This may not stop the person but increases the time spent placing orders
    * Remove Cash on Delivery as mentioned, Stripe.com is open for Preview in India – I’d recommend looking into that or using PayPal or another payment gateway for payment.
    * Cash is super useful but it opens up the opportunity for you to waste your time on people like this

    If you do believe it is this same person, I agree that speaking to the authorities is one of the best routes forward. Keep all the details of every order, each chat lot, any other contact from them and use this as evidence.

    Hoping for a speedy resolution!

    mayank29gupta

    (@mayank29gupta)

    thanks for all the replies. I am really grateful. Sorry for late response but the internet was blocked in my city by authorities due to violence. Thanks to all your advice I have had some success.

    Dear @dougaitken and @ipstenu thanks for your advice of going to authorities. Unfortunately, law is very week in India in this regard and furthermore it takes months if not year to get any relief from courts in India. But it has given me idea to send him an email threatening to take legal action which I will do with help of a lawyer.

    Dear @carike thanks for your suggestion to disable cash on delivery. However in India, 70% of all e-commerce purchases are through cash on delivery. I have in past tried to disable COD but it has affected my business significantly. As much as I would like to get rid of COD, its not possible at the moment.

    Dear @macmanx thanks for suggesting banhammer. I patiently banned all his IP Addresses. It seems to have worked as the activity from this guy has dropped on my website.

    I thank you all for the suggestions.

    Hallo @mayank29gupta,

    Yeah, unfortunately there isn’t a once-size-fits all answer to these sort of things πŸ™

    I would have suggested using one of the WooCommerce hooks to create a small custom extension that only allows verified users to select the COD option, but you are already verifying identities by phoning before you ship any products, so that wouldn’t help in your case.

    Good luck with the IPs. Hope it stops completely soon.

    Take care.

Viewing 15 replies - 1 through 15 (of 15 total)
  • You must be logged in to reply to this topic.