Support » Plugin: All In One WP Security & Firewall » How to block IP permanent?

  • I’m a bit confused here… How can I block a IP permanent?? One of my sites is attacked every day from the same IP. I added this to the blacklist, but it has no effect…

    How can I block a IP???

    Thanks!

Viewing 12 replies - 16 through 27 (of 27 total)
  • Plugin Contributor mbrsolution

    (@mbrsolution)

    @jvalks, I also use ManageWP and I have not had this issue myself.

    You might want to investigate further your server settings or do you have any other security plugin installed in your site? Perhaps checking your server log files might reveal something.

    Regards

    I have checked the server log files, and what I see is:

    GET /wp-includes/wlwmanifest.xml – 80 – 46.118.156.191 Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64;+rv:50.0)+Gecko/20100101+Firefox/50.0 – 200 0 0 1291 227 15
    GET / author=1 80 – 46.118.156.191 Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64;+rv:50.0)+Gecko/20100101+Firefox/50.0 – 301 0 0 452 209 937
    GET / author=1 80 – 46.118.156.191 Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64;+rv:50.0)+Gecko/20100101+Firefox/50.0 – 301 0 0 452 209 937
    POST /xmlrpc.php – 80 – 46.118.156.191 Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64;+rv:50.0)+Gecko/20100101+Firefox/50.0 – 200 0 0 67837 98453 1062
    POST /xmlrpc.php – 80 – 46.118.156.191 Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64;+rv:50.0)+Gecko/20100101+Firefox/50.0 – 200 0 0 67837 98172 2482
    POST /xmlrpc.php – 80 – 46.118.156.191 Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64;+rv:50.0)+Gecko/20100101+Firefox/50.0 – 200 0 0 732 98145 1157
    POST /xmlrpc.php – 80 – 46.118.156.191 Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64;+rv:50.0)+Gecko/20100101+Firefox/50.0 – 200 0 0 732 98174 1079
    POST /xmlrpc.php – 80 – 46.118.156.191 Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64;+rv:50.0)+Gecko/20100101+Firefox/50.0 – 200 0 0 732 97942 1218
    POST /xmlrpc.php – 80 – 46.118.156.191 Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64;+rv:50.0)+Gecko/20100101+Firefox/50.0 – 200 0 0 732 98110 1047
    POST /xmlrpc.php – 80 – 46.118.156.191 Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64;+rv:50.0)+Gecko/20100101+Firefox/50.0 – 200 0 0 732 98317 944
    POST /xmlrpc.php – 80 – 46.118.156.191 Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64;+rv:50.0)+Gecko/20100101+Firefox/50.0 – 200 0 0 732 98151 1153
    POST /xmlrpc.php – 80 – 46.118.156.191 Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64;+rv:50.0)+Gecko/20100101+Firefox/50.0 – 200 0 0 732 98285 1132

    Again it’s showing that xmlrpc is not blocked 🙁

    Plugin Contributor mbrsolution

    (@mbrsolution)

    Hi, then you have to troubleshoot this issue.

    Can you follow my troubleshooting suggestions mentioned earlier?

    Regards

    Ok, I did the following:

    Removed all caching and disabled WP Super Cache (just to be sure).
    Installed the AIOWPS reset plugin and activated it.
    Reset all the AIOWPS settings using that plugin.
    Configures all the settings again.

    Unfortunately : XML-RPC server accepts POST requests only.

    The .htaccess files looks like this:

    # BEGIN All In One WP Security
    #AIOWPS_BASIC_HTACCESS_RULES_START
    <Files .htaccess>
    <IfModule mod_authz_core.c>
    Require all denied
    </IfModule>
    <IfModule !mod_authz_core.c>
    Order deny,allow
    Deny from all
    </IfModule>
    </Files>
    ServerSignature Off
    LimitRequestBody 10240000
    <Files wp-config.php>
    <IfModule mod_authz_core.c>
    Require all denied
    </IfModule>
    <IfModule !mod_authz_core.c>
    Order deny,allow
    Deny from all
    </IfModule>
    </Files>
    #AIOWPS_BASIC_HTACCESS_RULES_END
    #AIOWPS_PINGBACK_HTACCESS_RULES_START
    <Files xmlrpc.php>
    <IfModule mod_authz_core.c>
    Require all denied
    </IfModule>
    <IfModule !mod_authz_core.c>
    Order deny,allow
    Deny from all
    </IfModule>
    </Files>
    #AIOWPS_PINGBACK_HTACCESS_RULES_END
    # END All In One WP Security

    Any more suggestions? AIOWPS is the only security plugin on this site…

    Plugin Contributor mbrsolution

    (@mbrsolution)

    Hi, the .htaccess rules are correct. There must be something in your site that is causing this issue.

    Can you disable all of your other plugins except this one. What happens when you test the following URL?

    yoursite.com/xmlrpc.php

    Do you use CDN in your site?

    Hi,

    I disabled all the plugings, still the same result. I do not use some kind of CDN…

    What I’m going to do is create a new test-site, with a clean WordPress install and see what’s happening..

    Ok, created a new site. Installed WordPress and AIOWPS plugin. Enabled the basic firewall en checked Completely Block Access To XMLRPC. The .htaccess file is modified:

    # BEGIN All In One WP Security
    #AIOWPS_BASIC_HTACCESS_RULES_START
    <Files .htaccess>
    <IfModule mod_authz_core.c>
    Require all denied
    </IfModule>
    <IfModule !mod_authz_core.c>
    Order deny,allow
    Deny from all
    </IfModule>
    </Files>
    ServerSignature Off
    LimitRequestBody 10240000
    <Files wp-config.php>
    <IfModule mod_authz_core.c>
    Require all denied
    </IfModule>
    <IfModule !mod_authz_core.c>
    Order deny,allow
    Deny from all
    </IfModule>
    </Files>
    #AIOWPS_BASIC_HTACCESS_RULES_END
    #AIOWPS_PINGBACK_HTACCESS_RULES_START
    <Files xmlrpc.php>
    <IfModule mod_authz_core.c>
    Require all denied
    </IfModule>
    <IfModule !mod_authz_core.c>
    Order deny,allow
    Deny from all
    </IfModule>
    </Files>
    #AIOWPS_PINGBACK_HTACCESS_RULES_END
    # END All In One WP Security

    But still the same output using the /xmlrpc.php : XML-RPC server accepts POST requests only.

    My provider is using only Windows servers, and uses Helicon APE. Can this be the reason it does not work??

    • This reply was modified 2 years, 6 months ago by jvalks.
    Plugin Author wpsolutions

    (@wpsolutions)

    Hi @jvalks,
    As far as I understand, Windows server with “Helicon Ape” does allow support Apache for .htaccess files. I have not used such a setup before and hence I recommend that you ask your host support people to tell you why the apache rules for the pingback protection feature are not working as expected.

    Show them the following rules and ask them why they aren’t blocking access to the xmlrpc.php file:

    #AIOWPS_PINGBACK_HTACCESS_RULES_START
    <Files xmlrpc.php>
    <IfModule mod_authz_core.c>
    Require all denied
    </IfModule>
    <IfModule !mod_authz_core.c>
    Order deny,allow
    Deny from all
    </IfModule>
    </Files>
    #AIOWPS_PINGBACK_HTACCESS_RULES_END
    

    @jvalks, pls advise did you install wordfence before you install AIO?

    If yes, did you do the proper “magic” click on one of the function before you click deactivate and remove?

    If you did not do that, there might a chance for some conflict issue.

    @adamngai: No, I primary used (and installed) AIO. The test site has only the AIO plugin…

    @wpsolutions: I will create a support ticket for this, I keep you up to date..

    Ok, I received a answer from my hosting provider. They told me that I need to block xmlrpc using web.config. Like described in this article: http://stackoverflow.com/questions/30716073/azure-wordpress-deny-xmlrpc

    They also told me that within a few days this will be standard on their platform during the increased amount of attacks. So, the AOI plugin IS working, but only in combination with a hosting provider that DOES use the .htaccess method…

    This makes things more complicated for the future I guess…

Viewing 12 replies - 16 through 27 (of 27 total)
  • The topic ‘How to block IP permanent?’ is closed to new replies.