WordPress.org

Forums

Simple Security Firewall
[resolved] Requests from blacklisted IP address not showing in Firewall log (2 posts)

  1. daviesda
    Member
    Posted 1 year ago #

    Hi Paul,

    I'm using v 2.6.5.

    After turning on the detailed Firewall log for a few minutes I saw lots of suspicious activity from an IP address repeatedly making a POST request to a malformed login page URL ("/wp-login.phpwp-login.php"). So I blacklisted the IP. I confirmed that the IP address was indeed blacklisted by loading the Firewall config page. The IP appears in the 'Blacklist IP Addresses' box.

    However if I turn off detailed Firewall log requests from the blacklisted IP are not showing up in the Firewall log. I've clicked Clear/Fix Log.

    If I turn the detailed Firewall log back on to check that the suspicious activity is still happening, it is. The detailed Firewall log reports that the IP is blacklisted, confirmed by '[ IPWHOIS Lookup ] [ Remove From Firewall Blacklist ] [ Add To Firewall Whitelist ]' but reports a result 'After whitelist options were applied, there were no page parameters to check on this visit.'

    So is a blacklisted IP address actually blacklisted, and I also assumed that requests from a blacklisted IP would appear in the regular Firewall log and not just the detailed log. Is that not the case?

    Cheers,

    David.

    https://wordpress.org/plugins/wp-simple-firewall/

  2. Paul G.
    Member
    Plugin Author

    Posted 1 year ago #

    Hi David,

    I think there is a misunderstanding here about the logging system - there aren't 2 levels "regular", "detailed". I'll review the plugin to see how blacklisted IP addresses appear in the log... I can't remember since this was one of the early features I implemented in the plugin.

    As I mentioned in another post I'll be rebuilding out the logging system to be more like an audit trail / log, but that's a while away yet.

    You could test the blacklisting of IP addresses by black listing your own and then forcefully turning off the firewall using the hard switch (https://icontrolwp.freshdesk.com/support/articles/3000000959-i-m-locked-out-of-my-own)

    Let me know what you find if you do.
    Thanks,
    Paul.

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic

Tags

No tags yet.