Notified admin login by IP (NOT me), Manually blocked IP. Now I'm blocked!

  • HowToBlog

    (@howtoblog)


    8 years, 11 months ago

    I have WordFence installed on all of my WordPress sites and love the plugin. It’s remarkable how many attempts are made by bots to get into WP sites, regardless of their size or popularity.

    I received a very disturbing email from WordFence notifying me that someone w/an unknown IP address from PANAMA (I’m in the US, so not me) had logged into an account with administrative access 2 hours ago. That was a first for me, and I gotta say it freaked me out a little…

    So I took what I thought would be the appropriate immediate steps to deal with the problem:

    1. Created a NEW admin account w/a very strong PW using 1Password, logged out of the existing account, logged into the new account and then deleted the old account
    2. Went into WordFence settings and told it to manually block this IP from Panama completely from the site

    I was about to run a scan w/Securi for malware, malicious files, etc, but I am now locked out of my own site – reason given says that my IP was manually blocked. I am 100% confident this was not user error on my part (I didn’t even know what my IP address presently was – I just pasted the Panamanian IP into the ‘manual IP block’ setting of WordFence, and after I was blocked, I did a standard ‘what is my IP’ and confirmed that it’s entirely different from the one I blocked from Panama. Not to mention that I then checked the email WordFence sent after I personally had logged in, alerting me of the account access, and even it knew my IP was different.

    So I’m not sure which to be more concerned about here… The fact that somehow, despite using strong passwords, someone (or a bot) from Panama managed to log into one of my sites or that when I went to manually block their IP, I instead got locked out… Neither one is feeling very good right now…

    And, how can I get back into my site? The instructions on the “You’ve been blocked” page don’t address what to do if you’re locked out due to a manual IP block, so I can’t access my Dashboard to fix it or deactivate WordFence… Would FTP’ing into the site and deleting WordFence from WP-Content do the trick? I’m hesitant to leave the site w/o security even for a short bit though now given what’s been going on… Perhaps I’m just paranoid, but still…

    Any help would be greatly appreciated!!!

    https://wordpress.org/plugins/wordfence/

Viewing 1 replies (of 1 total)
  • Thread Starter HowToBlog

    (@howtoblog)

    8 years, 11 months ago

    OK — I’ve been able to get back into my site via option 1 from the Unlock Email Request that was sent to my admin email.

    BUT, that unlock is only good for 30 minutes… So I unblocked the random Panama address (after first pulling a report of all accesses by that IP — the browser ID for it was usually “Mozilla/5.0 (compatible; SeznamBot/3.2; +http://fulltext.sblog.cz/)”

    Why is WordFence blocking me out when my IP is drastically different from the one manually blocked?

    How do I know if my site was actually hacked?

    I don’t know what to make of any of this…

Viewing 1 replies (of 1 total)
  • The topic ‘Notified admin login by IP (NOT me), Manually blocked IP. Now I'm blocked!’ is closed to new replies.