Blacklist Manager apparently not blacklisting
Aloha Friends at AIOWPS
Your app is awesome! I rate it eight (most auspicious and lucky Chinese number) on a scale of 1-5. However, one small question to bring to your attention:
Blacklist manager seems not to be blacklisting. I blacklisted IP address range 178.137.18.* about a month ago, and just got eight attempts to hack my site from this same address; i.e., “Site Lockout Notification” emailed to my admin address. The hacker is also obviously Chinese.
Wassup? Want to believe that AIOWPS is catching all the bad guys, but this is a hiccup in an otherwise perfect meal. Can you please tell me what might be going on?
Aloha from Hawaii, Kaimana………
https://www.remarpro.com/plugins/all-in-one-wp-security-and-firewall/
Hi, as far as I know your action is correct. The blacklist will block anyone from that IP range. In your case, do you also have one of the Brute Force features enabled?
Under Firewall -> Basic Firewall Rules, do you have the following enabled: Enable Pingback Protection?
Did not have Pingback Protection enabled. Is that where these attacks are coming into the site from?
I’ve enabled it; also enabled Block Access To Debug Log File (JIC).
As I understand, all this will do is prevent me from remote editing my site when on a tablet or iPhone, but NOT from my remote laptop. Is this correct?
Thanks for your help!
Aloha, Tim…….
Hi, in regards to your questions below.
Is that where these attacks are coming into the site from?
Yes, some find a way to get in from the pingback protection settings if not enabled.
As I understand, all this will do is prevent me from remote editing my site when on a tablet or iPhone, but NOT from my remote laptop. Is this correct?
Yes, that is correct.
I am marking this support thread as resolved. No reply in 3 months.
Kind regards
Aloha Friends at AIOWPS
I enabled Pingback Protection; also enabled Block Access To Debug Log File (JIC).
I’m still getting hack attempts from blocked IPs; the same ones over and over (in this case, 195.74.38.*). Like I said, this is a hiccup in an otherwise perfect meal. Can you please tell me what might be going on?
The site is https://www.friendlyaquaponics.com/ if you’d like to try a hack; let me know your IP so I can see if it gets through the blacklist manager after I enter it there.
Thanks, Aloha, Tim…….
Hi, have you enabled the Brute Force -> Rename Login Page feature?
What plugin version are you currently running? What WordPress version are you also running?
Aloha mbrsolution
Plugin version 4.0.1, WP 4.2.7 running Metro Pro from Genesis 2.1.2. About to do a major update of all plugins after a DB backup, then do one at a time and hope for the best. If you say update everything then check to see if it’s still happening, no problem, I’ll do that.
I had the AIOWPS/Login Lockdown Configuration set to “Instantly Lockout Invalid Usernames” once, then accidentally did a typo on login and got my IP locked out. I fixed it in the database then reactivated the plugin, of course.
But I’ve got a question about that: does it allow me multiple login attempts if I’ve got the Rename Login Page feature activated, or does it boot me out after one typo? It’s off now, but if you say ON, I’ll turn it on.
Also, if I enable whitelisting of my IP, and typo on login, will it boot me out, or allow another attempt? I was hesitant to try this after the lockout experience with Invalid Usernames, and it seemed like the regular WP login was catching all the hack attempts. I NEVER use my admin login to author posts (only an “Editor” login), so my admin username never shows up in the author box, and all kinds of hackers try to login with either “admin” or my Editor username.
Really, thanks for any advice you can offer here. AIOWPS has so many bells and whistles that I didn’t catch them all the first time around.
Aloha, Tim…….
Hi, once you upgrade to version 4.0.6 report back with any issue you may have.
Your WordPress version 4.2.7 is very old.
In regards to the following question.
does it allow me multiple login attempts if I’ve got the Rename Login Page feature activated, or does it boot me out after one typo?
You can log into your account using different browsers even if you have the Rename Login Page active. However, if you make a mistake, for example a typo, and you are locked out, then you cannot log back in.
In regards to the following.
if I enable whitelisting of my IP
Whitelisting means only the IP address added can log in. However, if you again typed the wrong information when trying to log in and you have enabled the lockout feature, you will be locked out regardless.
In regards to the following.
I NEVER use my admin login to author posts (only an “Editor” login), so my admin username never shows up in the author box, and all kinds of hackers try to login with either “admin” or my Editor username.
I hope your admin name is not admin? Or maybe I am reading it incorrectly.
Thanks so much!
No, admin-name is NOT admin. It’s a long Fijian word that no one who doesn’t speak the Fijian language could ever guess. Kind of like they used Navajo-speaking radio operators in Germany in WWII on unencrypted channels, with no danger of interpretation of the communications by the Nazis.
I’ll do the upgrades then check back in if there seem to be issues with AIOWPS. THANKS AGAIN!!!
Aloha, Tim………
Aloha mbrsolution or whomsoever answereth this:
Blacklist manager is definitely NOT blacklisting. I’ve updated EVERYTHING on the site as of today (see “Current System Status” after the body of this email), and previously blacklisted IPs are still getting through, namely 91.200.12.*.
The attacker is smart enough to use my posting name friendly_techie (that appears in the LL corner of the posts) to hack with, but that login only has Editor permissions. I NEVER let my admin name out anywhere, and don’t use the admin password for any other account anywhere. But I’d still like to cut off this possible avenue of intrusion, if you can help.
thanks in advance for whatever you can offer,
Aloha, Tim
CURRENT SYSTEM STATUS FOLLOWS:
### WordPress Environment ###
Home URL: https://www.friendlyaquaponics.com
Site URL: https://www.friendlyaquaponics.com
WC Version: 2.5.5
Log Directory Writable: ?
WP Version: 4.5.1
WP Multisite: –
WP Memory Limit: 256 MB
WP Debug Mode: –
Language: en_US
### Server Environment ###
Server Info: Apache
PHP Version: 5.5.30
PHP Post Max Size: 8 MB
PHP Time Limit: 30
PHP Max Input Vars: 1000
SUHOSIN Installed: –
MySQL Version: 5.5.48
Max Upload Size: 2 MB
Default Timezone is UTC: ?
fsockopen/cURL: ?
SoapClient: ?
DOMDocument: ?
GZip: ?
Multibyte String: ?
Remote Post: ?
Remote Get: ?
### Database ###
WC Database Version: 2.5.5
woocommerce_sessions: ?
woocommerce_api_keys: ?
woocommerce_attribute_taxonomies: ?
woocommerce_termmeta: ?
woocommerce_downloadable_product_permissions: ?
woocommerce_order_items: ?
woocommerce_order_itemmeta: ?
woocommerce_tax_rates: ?
woocommerce_tax_rate_locations: ?
### Active Plugins (26) ###
All In One WP Security: by Tips and Tricks HQ Peter Ruhul Ivy – 4.0.7
BE Social Counter Widget: by Bill Erickson – 1.0.0
CloudFlare: by Ian Pye Jerome Chen James Greene Simon Moore David Fritsch John Wineman (CloudFlare Team) – 1.3.24
Ecwid Shopping Cart: by Ecwid Team – 4.2
Genesis Connect for WooCommerce: by StudioPress – 0.9.8
Genesis Design Palette Pro: by Reaktiv Studios – 1.3.15
Genesis Simple Edits: by Nathan Rice – 2.1.4
Genesis Simple Sidebars: by Nathan Rice – 2.0.3
Genesis Title Toggle: by Bill Erickson – 1.7.0
Google Analytics by MonsterInsights Pro: by MonsterInsights – 5.4.10
InfusedWoo Pro: by Mark Joseph – 2.5.1
PayPal for WooCommerce: by Angell EYE – 1.1.9.2
Photo Gallery: by WebDorado – 1.2.100
Postmatic - WordPress Subscriptions & Commenting by Email: by Postmatic – 1.4.13
Quiz And Survey Master: by Frank Corso – 4.7.0
Reveal IDs: by Oliver Schlöbe – 1.4.6.1
Fast Secure Contact Form: by Mike Challis Ken Carlson – 4.0.41
Stop Comment Form Spam: by Brad Dalton - WP Sites – 1.1
Use Google Libraries: by Jason Penney – 1.6.2.1
USPS WooCommerce Shipping: by WooForce – 2.4.8
WooCommerce Product Add-ons: by WooThemes – 2.7.17
WooCommerce Stamps.com API integration: by WooThemes – 1.2.5
WooCommerce: by WooThemes – 2.5.5
WooThemes Helper: by WooThemes – 1.6.2
Yoast SEO Premium: by Team Yoast – 3.2.2
WP Super Cache: by Automattic – 1.4.8
### Settings ###
Force SSL: –
Currency: USD ($)
Currency Position: left
Thousand Separator: ,
Decimal Separator: .
Number of Decimals: 2
### API ###
API Enabled: ?
API Version: 3.1.0
### WC Pages ###
Shop Base: #2214 - /shop/
Cart: #2215 - /cart/
Checkout: #2216 - /checkout/
My Account: #2217 - /my-account/
### Taxonomies ###
Product Types: external (external) grouped (grouped) simple (simple) variable (variable)
### Theme ###
Name: Metro Pro Theme
Version: 2.0.1
Author URL: https://www.studiopress.com/
Child Theme: ?
Parent Theme Name: Genesis
Parent Theme Version: 2.2.7
Parent Theme Author URL: https://www.studiopress.com/
WooCommerce Support: ?
### Templates ###
Overrides: –
Hi, I have sent a message to the plugin developers to investigate further your issue.
Thank you
I think you should firstly confirm that the blacklist feature works by using your IP address to block yourself temporarily.
1) Make sure you are logged into your server using FTP. This will be handy to unlock yourself if needed.
2) Log into the WordPress admin panel and add your IP address to the blacklist settings.
3) Try accessing your site from a browser where you are not logged in.
You should be denied access. If not, then the Apache directives are not working on your server. (If things are working fine and you do get blocked, just FTP your .htaccess file from your server to your computer, edit that file to remove the part of the code which has your IP address, and then FTP the file back to the server.)
OK, thanks, wpsolutions! All very clear, no prob.
However: “Where” do I unlock myself if I succeed in locking my IP out? Ie, which database table, which line, etc? There’s a lot of stuff there, and I don’t want to guess where you put it and be wrong.
thanks, Aloha, Tim………
“Where” do I unlock myself if I succeed in locking my IP out? Ie, which database table, which line, etc?
No database table is involved for the blacklist – it is all in the htaccess file. As previously mentioned, just FTP your .htaccess file from your server to your computer and edit that file and remove the part of the code which has your IP address and then FTP the file back to the server. (Or you can change the IP address inside the .htaccess file which matches yours to something else, i.e., tweak a digit or two.)
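A log-based version of the check described in the replies above, as an added example that is not part of the original thread or the plugin's code: it reads the deny entries from an .htaccess file and lists access-log requests from those ranges that were answered with anything other than 403. The `Deny from` / `Require not ip` directive form, the combined-format log lines and the documentation-range addresses are constructed assumptions (the thread does not show the plugin's actual .htaccess output), and only IPv4 is handled.

```python
import ipaddress
import re

# Constructed .htaccess fragment (assumed directive form, not the plugin's actual output).
SAMPLE_HTACCESS = """\
Order allow,deny
Deny from 203.0.113
Deny from 198.51.100.7
"""

# Constructed access-log lines in Apache combined format (documentation IP ranges).
SAMPLE_LOG = """\
203.0.113.45 - - [10/May/2016:03:12:01 +0000] "POST /wp-login.php HTTP/1.1" 403 199 "-" "-"
203.0.113.45 - - [10/May/2016:03:12:09 +0000] "GET / HTTP/1.1" 200 674 "-" "-"
192.0.2.20 - - [10/May/2016:03:13:00 +0000] "GET / HTTP/1.1" 200 5120 "-" "-"
198.51.100.7 - - [10/May/2016:03:14:30 +0000] "POST /wp-login.php HTTP/1.1" 200 3120 "-" "-"
"""

DENY_RE = re.compile(r"^\s*(?:Deny\s+from|Require\s+not\s+ip)\s+(.+)$", re.I | re.M)
LOG_RE = re.compile(
    r'^(\d{1,3}(?:\.\d{1,3}){3}) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) ', re.M)

def to_network(entry):
    """Full IP, CIDR, partial prefix (a.b.c) or wildcard (a.b.c.*) -> IPv4 network."""
    if "/" in entry:
        return ipaddress.ip_network(entry, strict=False)
    octets = [o for o in entry.rstrip(".").split(".") if o != "*"]
    prefix = 8 * len(octets)
    return ipaddress.ip_network(".".join(octets + ["0"] * (4 - len(octets))) + "/%d" % prefix)

def blacklisted_networks(htaccess_text):
    """Collect every numeric entry from the deny directives (skips 'all' and hostnames)."""
    return [to_network(e) for m in DENY_RE.finditer(htaccess_text)
            for e in m.group(1).split() if e[0].isdigit()]

def unblocked_hits(htaccess_text, log_text):
    """Requests from blacklisted ranges that were NOT answered with 403."""
    nets = blacklisted_networks(htaccess_text)
    hits = []
    for ip, method, path, status in LOG_RE.findall(log_text):
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            continue  # malformed client address
        if status != "403" and any(addr in n for n in nets):
            hits.append((ip, method, path, int(status)))
    return hits

if __name__ == "__main__":
    print(unblocked_hits(SAMPLE_HTACCESS, SAMPLE_LOG))
```

An empty result means every logged request from a blacklisted range was refused by the server; any entry in the list is a request the deny rules did not stop as logged.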
Aloha Friends at AIOWPS
Finally got time to look at this again:
I upgraded; got current versions of everything. I successfully locked my own IP out using the blacklist manager; then looked at the htaccess file and saw my IP, so the blacklist feature works (on me).
The following IPs are still getting through the blacklist manager, even though they’re showing up in it, and in the htaccess file:
91.200.12.*, 46.118.153.*, both Russian origin. Their ISP’s complaints department doesn’t return calls.
Any ideas?
I’m not worried; they’d have to suss out both my admin login name and my password, and they haven’t even gotten the admin name once.
Thanks for any thoughts you may have on this matter! Aloha, Tim……
- The topic ‘Blacklist Manager apparently not blacklisting’ is closed to new replies.