Blocking IP range using Blacklist Manager nor working

  • Resolved soober99

    (@soober99)


    2 years, 8 months ago

    I’ve been getting regular security lockout messages from a consistent range of IP addresses with varying usernames. 

    A lockdown event has occurred due to too many failed login attempts or invalid username: Username: ekzamenov IP Address: 185.119.81.104 IP Range: 185.119.81.*

I've added that IP Range to my htaccess file using the Blacklist Manager but the lockout messages keep trickling in almost every day. 

What I see in the .htaccess file is included below (note, a while back I added another range which is also shown). My webhost is serving up my site using Apache.

Not sure how to block all these login attempts from 185.118.81.*
Any help is appreciated.
Many thanks,
Sue

    # Apache < 2.3
    <IfModule !mod_authz_core.c>
    Order Allow,Deny
    Allow from all
    Deny from env=bad_bot
    #AIOWPS_IP_BLACKLIST_2_3_START
    Deny from 185.119.81.0/24
    Deny from 202.164.60.0/24
    #AIOWPS_IP_BLACKLIST_2_3_END

    </IfModule>

    # Apache >= 2.3
    <IfModule mod_authz_core.c>
    <RequireAll>
    Require all Granted
    Require not env bad_bot
    #AIOWPS_IP_BLACKLIST_2_4_START
    Require not ip 185.119.81.0/24
    Require not ip 202.164.60.0/24
    #AIOWPS_IP_BLACKLIST_2_4_END`

Viewing 3 replies - 16 through 18 (of 18 total)
  • Thread Starter soober99

    (@soober99)

    I’m confused about how this sheds light on the issue I’ve been trying to solve for quite some time now: the rules are currently NOT protecting my site and I’m trying to figure out why and how to fix it.

    One solution proposed by my ISP support is to start from scratch with the .htaccess file and methodically add in the rules to see what is causing the blacklist to fail (it appears to do nothing as described when I followed the suggestion to blacklist my own IP address).

    I’d like to try this systematic approach, but I’m a bit out of my depth.

    Plugin Contributor Prashant Baldha

    (@pmbaldha)

    @soober99 The Blacklist manager doesn’t work on a few servers. It is a known issue. We are rewriting the blacklist manager logic in a way so it can work on all server types. Currently, it is dependent on HTACCESS rules. We are porting it from the HTACCESS rules to a PHP-based firewall.

    Please accept my apologies for the inconvenience.

    You will get this resolution either next updated release or next to next updated release.

    Thanks.

    Thread Starter soober99

    (@soober99)

    This problem has continued and even amped up recently, with a new twist!
    The attempts to log-in are showing that they’re coming from MY IP address?
    Ug. I didn’t notice this and added the range to my blacklist and now I’m locked out. I logged into my site via ftp and restored the backup .htaccess file and I’m still locked out.

    So two problems
    – the barrage of failed login attempts from potential hackers and
    – getting back into my wordpress without having to wait several days (I made the lockdown period loooong in hope of slowing the onslaught).

    Any help most appreciated.
    Sue

Viewing 3 replies - 16 through 18 (of 18 total)
  • The topic ‘Blocking IP range using Blacklist Manager nor working’ is closed to new replies.