Dashboard Block List

  • Resolved sandbox2800

    (@sandbox2800)


    1 year, 9 months ago

    What exactly does the top 5 IPs blocked on the dashboard represent?

    Yesterday, I noticed an IP was blocked from Spain. This seemed interesting to me since all traffic goes through Cloudflare and Cloudflare is blocking all IP traffic outside of the US.

    Then today, I ran a WP Scan through Kali Linux on my site to check for security holes. My IP address popped up to the top of the list with 169 blocks (the next highest was 8). But of course, I was not blocked from accessing my site/admin.

    I do have my IP listed as being excluded from live traffic but my IP showed up under live tracking as being blocked.

    So I ask, what does it actually block? If the plugin claims to be blocking something, but I can see that it isn’t, how do I every truly trust it.

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Support wfpeter

    (@wfpeter)

    Hi @sandbox2800, thanks for your question.

    IP location detection will never be 100% accurate in all cases as IP addresses change constantly. We update the geoIP database as often as we can but it’s entirely possible that Cloudflare considered the IP inside of the US and Wordfence didn’t at that time.

    If you found that your IP wasn’t subject to the block times contained in Wordfence > All Options > Brute Force > Amount of time a user is locked out and Wordfence > All Options > Rate Limiting > How long is an IP address blocked when it breaks a rule?, it’s because some WAF rule blocks aren’t assigned a block expiration time. These in turn never appear on the Firewall > Blocking page for you to review.

    You may be able to filter your Live Traffic page to find out the reason why the WAF blocked your IP 169 times, although I suspect the reason would be connected in some way to the probing/scanning being done. Expanding an entry by clicking on it will show a block reason in red text.

    Let me know what you find out!
    Peter.

    Thread Starter sandbox2800

    (@sandbox2800)

    @wfpeter

    Apparently my reply didn’t post the other day.
    I understand the GeoIP could be different so I didn’t give that much thought. It was when my IP was listed as blocked that I actually questioned what is being blocked.

    For “Amount of time a user is locked out” I’m set at 1 day.
    For “How long is an IP address blocked when it breaks a rule” I’m set at 2 hours.
    For “Live Traffic” and the reason it was blocked is 100% due to scan I ran. It logged as a bot.

    None of those answer the original question though. So the bot scan I did, blocked my IP because of the malicious scan, it should have been blocked for anywhere from 2 hrs to 1 day depending on what setting it falls under. However, it wasn’t blocked, at all! I was logged in at the time of the scan and even logged out within a couple minutes of the scan to test logging back in.

    At the end of the day, the dashboard “claims” to have blocked my IP address but I had full access to the website, admin dashboard, and any other aspect of the page. SO what does it really block? Seems to me it is more of a false sense of security.

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Dashboard Block List’ is closed to new replies.