Viewing 5 replies - 1 through 5 (of 5 total)
  • Plugin Author AITpro

    (@aitpro)

    I am not a fan of trying to block IPs and hostnames on a long-term basis because IP addresses and hostnames are very easily spoofed. Login protection based on IP and hostnames is different and very important, so I don’t want to send the wrong message here.

    I have a very large collection of hacker scripts and delivery systems that I use for research.
    It is very easy to code an automated IP address / hostname changer based on time, and the more advanced hacker scripts already have this, i.e. change my IP address and/or hostname every X seconds, or if my IP address / hostname is banned, change my IP/hostname.

    The difference with using bans in login protection plugins is that you are causing the Brute Force Password Cracking script to only get X amount of attempts before being banned. The script then has to “restart” itself and this is an inconvenience that will usually cause a hacker bot to go elsewhere for easier targets.

    So my answer is no, I will never be adding any long-term IP / hostname banning to BPS because I am instead focusing on an “action” approach to website security.

    X does this bad action and Y is the result = Forbidden

    No matter what their IP address or hostname is, the action will not be allowed.

    Thread Starter justmattb

    (@mwbarker)

    I get it; just thought I’d check. I have about 5 IPs that repeatedly try to create accounts on my WordPress/Buddypress site which was the only reason I asked. I’ll block those IPs elsewhere, but understand that it won’t be part of the plugin due to the issues you mentioned.

    Plugin Author AITpro

    (@aitpro)

    Well if you have repeat offenders then just add them to BPS Custom Code. You would add this custom .htaccess code to CUSTOM CODE BOTTOM: Add miscellaneous custom .htaccess code here text box, click the AutoMagic button for the secure.htaccess file and then activate BulletProof Mode for your Root folder again.

    # Block Repeat Offenders by IP and Hostname
    # IP entries can be a full address, a CIDR range or a partial (subnet) prefix;
    # hostname entries are matched against the client's reverse-DNS name
    <Files *>
    Order Allow,Deny
    Allow from all
    Deny from 10.1.3.0/24
    Deny from hidemyass.com
    Deny from proxy.com
    Deny from anonymouse.com
    Deny from proxify.com
    </Files>

    And when I do so, the plugin styling disappears and I get a 500 and have to go to the root and delete the .htaccess….

    Plugin Author AITpro

    (@aitpro)

    @thorhammer – then your particular host does not allow all or part of that .htaccess code, or there is an invalid entry or typo in the code. I have noticed that on some hosts you cannot use a range/CIDR (10.1.3.0/24), but all hosts do allow blocking by subnet, for example 10.1. or 10.1.3.

    You can use the existing wp-comments-post.php .htaccess code and add additional FilesMatch conditions like this. By adding .php and .js you are saying: block access to all php and js files for the IP addresses listed in the Deny from lines.

    # The pattern is anchored at the end so "\.php" and "\.js" match any file
    # ending in .php or .js (an opening "^" anchor would only match names
    # that literally start with ".php" or ".js")
    <FilesMatch "(wp-comments-post\.php|\.php|\.js)$">
    Order Allow,Deny
    Deny from 46.119.35.
    Deny from 46.119.45.
    Deny from 91.236.74.
    Deny from 93.182.147.
    Deny from 93.182.187.
    Deny from 94.27.72.
    Deny from 94.27.75.
    Deny from 94.27.76.
    Deny from 193.105.210.
    Deny from 195.43.128.
    Deny from 198.144.105.
    Deny from 199.15.234.
    Allow from all
    </FilesMatch>
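The two replies above hinge on two things a reader has to get right before pasting an Allow/Deny block into .htaccess: the argument forms mod_authz_host accepts (full IP, CIDR range, partial octet prefix such as 10.1., hostname) and the fact that a single typo produces a 500 for the whole site. The following is an added example, not code from this thread or from the BulletProof Security plugin: it is a small Python model of Apache 2.2 "Order Allow,Deny" evaluation that checks every line of a snippet for a malformed entry before it is deployed, and then shows which client addresses the rules would forbid. The snippet and the client addresses are constructed for the example; the partial-IP and hostname semantics are an approximation of Apache's (whole-octet comparison for prefixes, suffix match on the reverse-DNS name for hostnames), and `<Files>`/`<FilesMatch>` container lines are skipped rather than interpreted.

```python
import ipaddress
import re

# Constructed .htaccess fragment in the same shape as the snippets in this thread,
# with one deliberate typo ("Deny form") to show what the validator catches.
HTACCESS_SNIPPET = """\
# Block Repeat Offenders by IP and Hostname
<Files *>
Order Allow,Deny
Allow from all
Deny from 10.1.3.0/24
Deny from 46.119.35.
Deny from hidemyass.com
Deny form 192.0.2.7
</Files>
"""

_OCTET = r"(?:25[0-5]|2[0-4]\d|1?\d?\d)"
# 1 to 4 dotted octets, optional trailing dot: "10", "10.1", "10.1.3.", "192.0.2.7"
PARTIAL_IP_RE = re.compile(rf"^{_OCTET}(?:\.{_OCTET}){{0,3}}\.?$")
HOSTNAME_RE = re.compile(r"^(?:[a-z0-9-]+\.)+[a-z]{2,}$", re.IGNORECASE)


def parse_rule(line):
    """Classify one Allow/Deny line; returns (directive, argument, kind) or raises ValueError."""
    parts = line.split()
    if len(parts) != 3 or parts[0].lower() not in ("allow", "deny") or parts[1].lower() != "from":
        raise ValueError(f"malformed directive: {line!r}")
    directive, arg = parts[0].lower(), parts[2]
    if arg.lower() == "all":
        return directive, "all", "all"
    if "/" in arg:
        ipaddress.ip_network(arg, strict=False)  # raises ValueError on a bad CIDR
        return directive, arg, "cidr"
    if PARTIAL_IP_RE.match(arg):
        return directive, arg.rstrip("."), "prefix"
    if HOSTNAME_RE.match(arg):
        return directive, arg.lower(), "host"
    raise ValueError(f"unrecognised argument: {arg!r}")


def _is_rule_line(s):
    """Skip blanks, comments, the Order directive and <Files>-style container tags."""
    return s and not s.startswith("#") and not s.startswith("<") and not s.lower().startswith("order")


def validate(snippet):
    """Return a list of 'line N: reason' strings; an empty list means every rule parsed."""
    errors = []
    for n, line in enumerate(snippet.splitlines(), 1):
        s = line.strip()
        if not _is_rule_line(s):
            continue
        try:
            parse_rule(s)
        except ValueError as exc:
            errors.append(f"line {n}: {exc}")
    return errors


def rule_matches(kind, arg, client_ip, client_host=None):
    """Does one parsed argument match this client? (approximation of mod_authz_host)"""
    if kind == "all":
        return True
    if kind == "cidr":
        return ipaddress.ip_address(client_ip) in ipaddress.ip_network(arg, strict=False)
    if kind == "prefix":
        # Whole-octet comparison: "10.1" matches 10.1.x.x but not 10.10.x.x
        return client_ip.split(".")[: arg.count(".") + 1] == arg.split(".")
    if kind == "host":
        # A hostname argument matches the reverse-resolved name or any subdomain of it
        return client_host is not None and (client_host == arg or client_host.endswith("." + arg))
    return False


def is_allowed(snippet, client_ip, client_host=None):
    """Evaluate 'Order Allow,Deny': at least one Allow must match and no Deny may match."""
    allowed = denied = False
    for line in snippet.splitlines():
        s = line.strip()
        if not _is_rule_line(s):
            continue
        try:
            directive, arg, kind = parse_rule(s)
        except ValueError:
            continue  # malformed lines are reported by validate(); ignored here
        if rule_matches(kind, arg, client_ip, client_host):
            if directive == "allow":
                allowed = True
            else:
                denied = True
    return allowed and not denied


if __name__ == "__main__":
    for err in validate(HTACCESS_SNIPPET):
        print("invalid:", err)
    for ip, host in [("10.1.3.77", None), ("10.1.4.1", None), ("46.119.35.9", None),
                     ("203.0.113.5", "vpn-12.hidemyass.com"), ("203.0.113.5", None)]:
        print(ip, host or "", "->", "allowed" if is_allowed(HTACCESS_SNIPPET, ip, host) else "Forbidden")
```

Run `validate()` on a block before activating it; the one-line typo in the sample is exactly the kind of entry that Apache rejects with a 500 at request time. The prefix check also makes the 10.1. versus 10.10. distinction visible, which is why the thread's partial entries keep their trailing octet boundary.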

  • The topic ‘[Plugin: BulletProof Security] Block IPs’ is closed to new replies.