Support » Plugin: IP Geo Block » How to block a country regardless of IP address

  • Resolved thepanickedfoodie

    (@thepanickedfoodie)


    Hi,

    I’ve got some malicious attempts coming from a specific country, and I would like to block the entire country, regardless of what its IP address is. In IP GEO Block, I have put in the country code I would like to block, but there is still traffic coming from that country because they are using a different IP address. How can I fix this?

    Thanks,

    Ashley

    The page I need help with: [log in to see the link]

Viewing 7 replies - 1 through 7 (of 7 total)
  • Plugin Author tokkonopapa

    (@tokkonopapa)

    Hi @thepanickedfoodie,

    … because they are using a different IP address.

    That IP address is not the country you want block, is it?

    Then I have some questions:

    1. How did you identify the malicious attempts came to the specific country?

    2. What kind of malicious attempts did you get?

    This plugin is of course based on the IP address, but there are some additional rules can filter the attacks:

    Bad signatures in query
    Bad signatures in query

    Prevent Zero-day Exploit on Back-end
    Prevent Zero-day Exploit on Back-end

    UA string and qualification on Front-end
    UA string and qualification on Front-end

    Or if you can identify the range of IP addresses of attackers, you can put that range or AS number into the Blacklist of extra IP addresses prior to country code
    Blacklist of extra IP addresses

    I hope I can make your situation better than now if you let me know more info.

    P.S. I love your lifestyle!

    Hi,

    I have a way of monitoring traffic to my blog, and that’s how I discovered the issues. While there are many malicious attempts, many seemed to be aimed at logging in and trying to take control over my site. There have also been multiple brute force attacks. Quantifying the range of IP addresses, and blocking individual IP addresses, is not a good strategy. I don’t understand why I cannot just block an entire country for good, regardless of the IP address. Since it’s being identified as coming from a certain country independent of the IP address, shouldn’t it be blocked?

    Ashley

    Plugin Author tokkonopapa

    (@tokkonopapa)

    Hi Ashley,

    I can understand your feelings. Unfortunately, we can’t identify the country name where the requests come from unless we can get GPS data from senders. A browser sends us some language list which it speaks, but it’s not the information about country. On the other hand, IP address includes the location information. You can find such information here.

    While there are many malicious attempts, many seemed to be aimed at logging in and trying to take control over my site.

    That’s why this plugin has the ability to block the requests to back-end. You know WordPress has important backend entrances (e.g. endpoint) that has some impact on the site. In this section, you can set up rules to validate requests for particularly important entrances of them.

    I hope you to refer to this doc and find the best solution for you.

    Thanks.

    @tokkonopapa, what does “Admin area – Block by country” mean in the screen grans above?

    Plugin Author tokkonopapa

    (@tokkonopapa)

    Hi @starapple,

    “Admin area – Block by country” means that access from forbidden countries to the PHP files under /wp-admin/ is blocked.

    If you have any questions, please open a new ticket.

    Thanks @tokkonopapa. I just wanted to be clear since it seems the OP wanted to block visitors by country but from your answer it seems the plugin doesn’t block visitors by country but certain countries from specific admin pages? Did I get that right? I couldn’t use the plugin to block all visitors from Country X but I could stop visitors from Country X accessing admin pages.

    Plugin Author tokkonopapa

    (@tokkonopapa)

    Hi @starapple,

    This plugin can block by countries for both back-end and front-end.

    Please find the docs “Back-end target settings” and “Front-end target settings“.

Viewing 7 replies - 1 through 7 (of 7 total)
  • The topic ‘How to block a country regardless of IP address’ is closed to new replies.