Support » Plugin: Defender Security - Malware Scanner, Login Security & Firewall » [Defender Free] IP address blacklist does not work ?

  • Resolved eugene212

    (@eugene212)


    I have tried to ban some IP addresses (seemingly spam bots) using Defender’s Firewall ‘Blacklist’ feature to no avail – web logs show that these IP addresses still access my website (with 301 and 200 status codes). There are no traces of ‘deny’ in .htaccess file – if I manually add ‘deny’ into .htaccess then everything works as expected.

    Please advise, what possibly could be wrong with Defender or its settings.

Viewing 9 replies - 1 through 9 (of 9 total)
  • Plugin Support Kris – WPMU DEV Support

    (@wpmudevsupport13)

    Hi @eugene212

    I hope you are doing good today.

    I made a test on my lab site and I could not replicate this issue there. After I banned my temporary IP I was not able to enter the site anymore and my actions were no longer visible in logs.

    The blacklist list is stored in the database wp_defender_lockout table. The defender does not add deny for IPs in .htaccess file. Could you review your wp_defender_lockout table in the database and see does those IPs exist there?

    Kind Regards,
    Kris

    Thread Starter eugene212

    (@eugene212)

    Hi Kris,
    The 3 IPs that I have added to Defender Blacklist don’t exist in the wp_defender_lockout table. There is a bunch of other IPs with ‘normal’ status, but no IPs defined in Defender…

    Regards,
    Eugene

    Thread Starter eugene212

    (@eugene212)

    I don’t know if it makes any difference, but my WP is installed in a subdirectory /wp.

    Plugin Support Patrick – WPMU DEV Support

    (@wpmudevsupport12)

    Hi @eugene212

    The IPs must go to PREFIX_options > wd_lockdown_settings

    I also tried to replicate any issue but it worked fine.

    Do you have any caching plugin? If so, can you try to disable it and check if you will get the lockout page?

    If the page is cached it is possible the IP will see the cached version.

    I don’t know if it makes any difference, but my WP is installed in a subdirectory /wp.

    Do you have the /wp directory mapped to the root domain like mydomain.com but the installation into wp or the mydomain.com/wp

    Then we can run some extra tests in this way too.

    Best Regards
    Patrick Freitas

    Thread Starter eugene212

    (@eugene212)

    Hi Patrick,

    Here are further details:
    1. Yes, database table entry ‘wd_lockdown_setting’ contains ip_blacklist with specified IPs.
    2. Yes, Hummingbird is used for page caching, but I was clearing page cache often (and browser’s as well). Also I was expecting IP banning to happen before any pages would start loading.
    3. Yes, installation is into mydomain/wp with site mapped to mydomain (using WP settings).

    Still I don’t see in server web logs specified IPs being banned, please advise.

    Note: currently I use manual entries in .htaccess to ban specific IPs, but would prefer if this can be done via Defender as I may consider banning regions/countries.

    Regards,

    Eugene

    Plugin Support Prathamesh – WPMU DEV Support

    (@wpmudev-support7)

    Hello @eugene212,

    I went ahead and made a site where I installed WP in /wp directory and mapped to the root domain and then tried to ban a few IP’s for my colleagues and the ban worked for all of them. If you mean to say that the logs are not reporting if the said IP is blocked or not, I see normally if the IP is banned from the list the log would not log it. Now I need to double-check with the Defender Team to see if that is the expected behaviour. I will confirm me and reply back to you here.

    Could you pull up a fresh lab site and check if the IP locking works there? Let me know your views on the same.

    Thank you,
    Prathamesh Palve

    Thread Starter eugene212

    (@eugene212)

    Hi Prathamesh,

    What I observe is that the hosting server web logs (not WP) show that the ‘Defender banned’ IPs still can access website with returned code 200 (success) instead of 404 or similar – if I block the same IPs manually in .htaccess file everything is as expected.

    I do have a lab (test) site where I have observed the same, so if needed I can create a temporary admin user for further checks.

    Regards,
    Eugene

    Plugin Support Prathamesh – WPMU DEV Support

    (@wpmudev-support7)

    Hello @eugene212,

    I checked with the Defender team and they said, it would not log it in the Defender logs. Now about the server log, I suppose this is because the ban is on the plugin level so when the site gets the site IP, it is blocked so with this. the server does not have it blocked from its end and that it will count it as visited as the site is loaded but when the site is loaded, the plugin detected the ban and displayed a ban page to them.

    I suppose this is the expected behaviour but I will line up tests on that too and check with the team to see if that is how it would be.

    Thank you,
    Prathamesh Palve

    Thread Starter eugene212

    (@eugene212)

    Hi Prathamesh,

    I did setup a simple test site with no page caching, but the issue seems to be elusive – IP blocking initially worked, then, after installing/activating 404 page plugin, I did observe it not working.

    Eventually after reinstalling WP, clearing database and reinstalling 404 page plugin I don’t observe it any longer, so perhaps it is one of the hard to pinpoint interactions between plugins…

    At the moment I am fine with blocking IPs in .htaccess file, so I will mark this conversation as ‘resolved’, but I will keep an eye on this (potential) issue in case if it raises its head again.

    Regards,

    Eugene

Viewing 9 replies - 1 through 9 (of 9 total)
  • The topic ‘[Defender Free] IP address blacklist does not work ?’ is closed to new replies.