Support » Plugin: Apocalypse Meow » IPv6 black listed, logon activity invisible, user logged on

  • Hi

    I’m Tech Admin for a website with information for victims of sexual abuse. The website is hosted in the Netherlands.
    WordPress 4.9.8.
    Log on GUI for the users: Ultimate Member.
    Apocalypse Meow active.
    Chat software: ArrowChat.

    All latest versions and up-to-date.

    The Content Admin reported strange behaviour today:

    One of the logged on users received previously a ban, for inappropriate chat messages. The ban was set up via the black list, the /64 version of the IP address was added to this black list. It was an IPv6 address.

    Today, a user with similar user name and the same inappropriate messages was active on the chat.
    The user list in WordPress shows this user, without information about ‘last logon time’. So never logged on?
    While the user was active on our chat. ArrowChat relies on WordPress for logon and security. Logon on the chat is redirected via the WordPress plugin “Ultimate Member”, a fancy front end which replaces the default WordPress logon pages.

    The Apocalypse Meow login activity didn’t show this logon. We removed the IP address range from the black list, the user did a re-logon after an Internet connection issue, and hop, there we have the logon attempt in the login activity. Same IP range of the IPv6 that was blocked earlier. The line below the IP address shows the same range with /64 as the one that was blocked.

    We banned now the old and the new user account, but not the IP address and not the IP range. Otherwise, we can’t see if user registers again from that address.

    Now, we want to know:
    – how can we set up an IP ban for an IPv6 range correctly?
    Is it sufficient to copy the line with part of the IP address with /64 suffix?
    Or do we need to reformat this line?
    – how can we use Meow to make sure any login attempt from a black listed IP address is recorded and blocked?

    Thanks in advance for help,

    Dominic

Viewing 1 replies (of 1 total)
  • Plugin Author Blobfolio

    (@blobfolio)

    Hi @jhenthygmailcom,

    Unfortunately the brute-force login features in Apocalypse Meow are only designed to work with the standard wp-login.php form. Custom plugins and themes that implement their own authentication schemes often do not fully mirror the normal login processes, and as a result, Meow’s login actions may never get triggered.

    For more complete and/or flexible protection, it would be better to implement bans at a firewall or server level, either manually or through a HIDS program like OSSEC. Done that way, it would not matter whether the activity happened inside or outside the commenting plugin. 🙂

    In terms of blocking an IPv6 subnet, you could enter the full IPv6 address followed by a “/64”. When you hit Save Settings, the result will be reformatted and floored for you. For example, 2600:3c00::f03c:91ff:feae:ff2/64 would then become 2600:3c00::/64.

    But as you can see from the above example, that kind of range covers a huge number of addresses, so you would likely end up blocking innocent users as well.

Viewing 1 replies (of 1 total)
  • The topic ‘IPv6 black listed, logon activity invisible, user logged on’ is closed to new replies.