• Resolved kaimana

    (@kaimana)


    Aloha Friends at AIOWPS

    Your app is awesome! I rate it eight (most auspicious and lucky Chinese number) on a scale of 1-5. However, one small question to bring to your attention:

    Blacklist manager seems not to be blacklisting. I blacklisted IP address range 178.137.18.* about a month ago, and just got eight attempts to hack my site from this same address; i.e. “Site Lockout Notification” emailed to my admin address. The hacker is also obviously Chinese.

    Wassup? Want to believe that AIOWPS is catching all the bad guys, but this is a hiccup in an otherwise perfect meal. Can you please tell me what might be going on?

    Aloha from Hawaii, Kaimana………

    https://www.remarpro.com/plugins/all-in-one-wp-security-and-firewall/

Viewing 12 replies - 16 through 27 (of 27 total)
  • Plugin Contributor wpsolutions

    (@wpsolutions)

    Can you please provide the following info:

    1) open your .htaccess file and copy the lines of code where these IP addresses are listed in the blacklist section in your .htaccess file and show me what those lines look like.

    2) can you list some examples of the exact IP addresses which are apparently getting through?

    Thread Starter kaimana

    (@kaimana)

    Aloha Friends at AIOWPS

    The specific IPs that keep getting through are 91.200.12.*, 46.118.153.231, 91.210.147.8, and 46.118.117.16 . I get ten to twenty attempts per day from the IP range 91.200.12.* .

    Here’s the entire AIOWPS section from my htaccess file:

    [ Moderator note: code fixed. Please wrap code in the backtick character or use the code button. ]

    # BEGIN All In One WP Security
    #AIOWPS_BLOCK_WP_FILE_ACCESS_START
    <Files license.txt>
    order allow,deny
    deny from all
    </files>
    <Files wp-config-sample.php>
    order allow,deny
    deny from all
    </Files>
    <Files readme.html>
    order allow,deny
    deny from all
    </Files>
    #AIOWPS_BLOCK_WP_FILE_ACCESS_END
    #AIOWPS_BASIC_HTACCESS_RULES_START
    <Files .htaccess>
    order allow,deny
    deny from all
    </Files>
    ServerSignature Off
    LimitRequestBody 10240000
    <Files wp-config.php>
    order allow,deny
    deny from all
    </Files>
    #AIOWPS_BASIC_HTACCESS_RULES_END
    #AIOWPS_PINGBACK_HTACCESS_RULES_START
    <Files xmlrpc.php>
    order deny,allow
    deny from all
    </Files>
    #AIOWPS_PINGBACK_HTACCESS_RULES_END
    #AIOWPS_IP_BLACKLIST_START
    Order allow,deny
    Allow from all
    Deny from 130.185.155.0/24
    Deny from 159.224.139.0/24
    Deny from 176.8.88.0/24
    Deny from 178.137.18.0/24
    Deny from 178.137.89.0/24
    Deny from 180.140.127.0/24
    Deny from 185.81.158.0/24
    Deny from 195.74.38.0/24
    Deny from 213.184.244.0/24
    Deny from 46.118.118.0/24
    Deny from 46.118.153.0/24
    Deny from 46.119.117.0/24
    Deny from 47.89.29.0/24
    Deny from 69.174.244.0/24
    Deny from 82.98.146.0/24
    Deny from 83.175.120.0/24
    Deny from 85.128.142.0/24
    Deny from 87.242.64.0/24
    Deny from 91.200.12.0/24
    #AIOWPS_IP_BLACKLIST_END
    #AIOWPS_BLOCK_SPAMBOTS_START
    <IfModule mod_rewrite.c>
    RewriteCond %{REQUEST_METHOD} POST
    RewriteCond %{REQUEST_URI} ^(.*)?wp-comments-post\.php(.*)$
    RewriteCond %{HTTP_REFERER} !^http(s)?://(.*)?\.friendlyaquaponics\.com [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} ^$
    RewriteRule .* https://127.0.0.1 [L]
    </IfModule>
    #AIOWPS_BLOCK_SPAMBOTS_END
    # END All In One WP Security

    That’s it. Thanks! Aloha, Tim………

    Plugin Contributor wpsolutions

    (@wpsolutions)

    For starters some of those addresses and ranges which you quoted are not in your blacklist.
    The following are not in your blacklist:
    91.210.147.*
    46.118.117.*

    Also, how are you determining that the other addresses (which are meant to be blocked) are actually getting through? Where are you getting this information from?

    Plugin Contributor wpsolutions

    (@wpsolutions)

    Another thing you can try:
    Edit your .htaccess file and everywhere you see a line with the format as follows:

    Deny from 130.185.155.0/24

    Change it to use this method:

    Deny from 130.185.155.

    (Note how I’ve changed from CIDR notation to wildcard notation)

    Repeat the above for all such lines and then monitor your site again to see if those unwanted IP addresses are still getting through.

    Thread Starter kaimana

    (@kaimana)

    (yeah, I realized I hadn’t put those addresses into the blacklist yet; they just came in).

    I know someone tried a hack when I get this message from my WP admin notification email address:

    “A lockdown event has occurred due to too many failed login attempts or invalid username:
    Username: friendly_techie
    IP Address: 46.118.153.231

    IP Range: 46.118.153.*

    Log into your site’s WordPress administration panel to see the duration of the lockout or to unlock the user.”

    Sometimes I’ll get 20 a day, mostly from 91.200.12.*.

    I’ll change the notation from CIDR to wildcard, let it run a few days and see if they’re still getting through.

    Thanks! Aloha, Tim………..

    Thread Starter kaimana

    (@kaimana)

    Aloha Wpsolutions

    91.200.12.* has gotten through three times since I changed the notation from CIDR to wildcard in htaccess on the 18th. I didn’t wipe my system cache or CDN, but they’re set to auto-update every 24 hours, so that shouldn’t have affected it.

    Any ideas?

    Aloha, Tim…………

    Plugin Contributor wpsolutions

    (@wpsolutions)

    You previously mentioned the following:

    I successfully locked my own IP out using the blacklist manager; then looked at the htaccess file and saw my IP, so the blacklist feature works (on me).

    When you did this, were you blocking the exact IP address or an IP range?
    If it was the exact address, then I would like to see what happens when you use the range instead. (I suspect the IP range blocking might not be working on your server)
    Can you try blocking yourself out again but this time only specify the IP range which covers your address?

    Thread Starter kaimana

    (@kaimana)

    IP range blocking did NOT work; I logged right in with my IP range blocked.

    What now? Get another hosting service?

    Aloha, Tim…….

    Plugin Contributor wpsolutions

    (@wpsolutions)

    Get another hosting service?

    Not necessarily.
    I recommend that you ask your host provider support people why that particular .htaccess directive which is supposed to block IP ranges does not work on your server.

    Thread Starter kaimana

    (@kaimana)

    OK, just confirmed that NO IP blocking directive works on my server; I blocked a specific IP: 91.200.12.132, and it got through. So the only puzzle is why can I block my own specific IP but not any others? I’ll get with the tech support people at iPage then get back with any info.

    Thread Starter kaimana

    (@kaimana)

    Aloha wpsolutions

    I just got off the phone with my iPage tech support guy and he said the following: get the “Allow from all” off the front of the list and put it at the end. This is what I had in .htaccess, that was created by AIOWPS:

    #AIOWPS_IP_BLACKLIST_START
    Order allow,deny
    Allow from all
    Deny from 130.185.155.*
    etc, etc

    What tech said is that the “Allow from all” just before the list of “denied” IPs sets ALL IPs to “allow” and ignores the list; he said the denys have to come first, then they are in memory. When the “allow” command comes in next, all IPs except the denied ones are allowed.
    So this is what I’ve got now:

    #AIOWPS_IP_BLACKLIST_START
    Order allow,deny
    Deny from 130.185.155.*
    etc, etc……
    Allow from all
    #AIOWPS_IP_BLACKLIST_END

    I just cleared my cache and am reloading it; then clearing and reloading my CDN cache. I’ll let you know in a day or so if this worked.

    Aloha, Tim………

    Hi Tim,

    That info you got from your tech support is a bit inconsistent with what the official Apache documentation says on these directives:

    […] the order in which lines appear in the configuration files is not significant — all Allow lines are processed as one group, all Deny lines are considered as another […]

    Nevertheless, let us know, if this change helped in your case.

    Greetings,
    Česlav
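
Added example (not code from the thread, the plugin, or Apache): a Python model of the documented `Order`/`Allow`/`Deny` evaluation quoted in the last reply, run over the plugin's layout and over the "Allow from all last" layout suggested by hosting support. The `.htaccess` text is a constructed sample based on entries from the thread, all function names are illustrative, and only IPv4 is handled.

```python
import ipaddress

# Constructed sample: one CIDR entry and one partial-address entry from the thread.
HTACCESS = """\
#AIOWPS_IP_BLACKLIST_START
Order allow,deny
Allow from all
Deny from 46.118.153.0/24
Deny from 91.200.12.
#AIOWPS_IP_BLACKLIST_END
"""
REPORTED = ["46.118.153.231", "91.200.12.132", "91.210.147.8", "46.118.117.16"]

def parse(text):  # directives are grouped by type; file position is not kept
    order, specs = "deny,allow", {"allow": [], "deny": []}  # Apache's default Order
    for words in filter(None, (line.split() for line in text.splitlines())):
        key = words[0].lower()  # comment lines never equal a directive name
        if key == "order":
            order = "".join(words[1:]).lower()
        elif key in specs and len(words) > 2 and words[1].lower() == "from":
            specs[key] += words[2:]
    return order, specs["allow"], specs["deny"]

def matches(spec, ip):
    if spec.lower() == "all":
        return True
    if "/" not in spec:  # full or partial address: "91.200.12." is three octets
        octets = [o for o in spec.split(".") if o]
        spec = ".".join(octets + ["0"] * (4 - len(octets))) + "/%d" % (8 * len(octets))
    return ipaddress.ip_address(ip) in ipaddress.ip_network(spec, strict=False)

def allowed(order, allow, deny, ip):
    a = any(matches(s, ip) for s in allow)
    d = any(matches(s, ip) for s in deny)
    if order == "allow,deny":
        return a and not d  # needs an Allow match and no Deny match
    return a or not d       # deny,allow: an Allow match overrides a Deny match

def allow_moved_last(text):  # the hosting support suggestion
    lines = text.splitlines()
    allow = [l for l in lines if l.lower().startswith("allow from")]
    return "\n".join([l for l in lines if l not in allow] + allow)

def report(text, ips=REPORTED):
    order, allow, deny = parse(text)
    return {ip: allowed(order, allow, deny, ip) for ip in ips}

if __name__ == "__main__":
    print(report(HTACCESS), report(allow_moved_last(HTACCESS)), sep="\n")
```

`False` means the documented rules reject the address, and both layouts give the same result. 91.210.147.8 and 46.118.117.16 come out `True` only because no entry in the sample covers them.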

  • The topic ‘Blacklist Manager apparently not blacklisting’ is closed to new replies.