• Resolved JLewinski

    (@jlewinski)


    I’ve already searched through the forum for this and found numerous related postings, but none of them actually answer the question! How do we add nuisance IP addresses to this list to keep them from trying to log in as administrators, clearly for nefarious reasons? I’ve added a number of them to the Ban “Blacklist” Manager, but a number of them still attempt to log in. I was under the assumption that “Blocking” an IP would keep them from even attempting to log in.

    Could someone PLEASE explain, in layman’s terms, how this is supposed to work in AIOS? You’ll be helping many people who are suffering through this same dilemma!

Viewing 11 replies - 1 through 11 (of 11 total)
  • Harry Hobbes

    (@harry-hobbes)

    Are you referring to this: https://app.screencast.com/isQQGdMWW9Q5o

    If so, this list is automatically created/maintained by AIOS and not manually built by yourself. The list reflects those IP addresses that met the criteria you set in the User Security > Login Lockout screen (of AIOS). If a login attempt meets the criteria, it is blocked and added to the list. Presumably, the Country Blocking feature of AIOS premium behaves in a similar manner (although I don’t know for certain).

    One cannot stop/prevent logon attempts as long as the website is online/operational, because one cannot control the behavior of others on the Internet. One may only configure the website to react to the attempt (via AIOS or equivalent software). This means that the Permanent Block List will typically have lots of entries.

    Does this make sense?

    Thread Starter JLewinski

    (@jlewinski)

    Are you referring to this: https://app.screencast.com/isQQGdMWW9Q5o

    Yes, that is the exact screen I was describing.

    The list reflects those IP addresses that met the criteria you set in the User Security > Login Lockout screen (of AIOS). If a login attempt meets the criteria, it is blocked and added to the list.

    I need to look into those settings to see where/what I can do to optimize/utilize this.

    One cannot stop/prevent logon attempts as long as the website is online/operational, because one cannot control the behavior of others on the Internet. One may only configure the website to react to the attempt (via AIOS or equivalent software). This means that the Permanent Block List will typically have lots of entries.

    Does this make sense?

    Yes, THAT makes PERFECT sense! I’m currently using the Audit Log to download a CSV file, then copy/paste the IPs to the Ban user list in the Blacklist manager. What a PITA!

    THANK YOU for taking the time to respond in such a human way that even an old fart like me can understand!

    • This reply was modified 1 year ago by JLewinski.
    Harry Hobbes

    (@harry-hobbes)

    Unless you were “doin computers…” back in ’68 (1968, NOT 1868), you ain’t old.

    Harry Hobbes

    (@harry-hobbes)

    Note that although the export to .csv works well, I’ve been unable to display the included numeric date/time field correctly within Microsoft Excel. If display of the date/time field in the spreadsheet works for you please advise how to format the field to properly display the field in the spreadsheet.

    Thread Starter JLewinski

    (@jlewinski)

    My first personal computing experience was in 1981 with a C=64 (MS-DOS). Ah, mammories =;^)

    To be honest, I’ve never really concerned myself with the date/time field. But now that you bring it up, looks like I’ve got a new semi-obsession. It appears to be some sort of weird product of a calculation.

    Plugin Support hjogiupdraftplus

    (@hjogiupdraftplus)

    Hi @jlewinski

    As Harry suggested, you have to manually add Temporary and Permanent block list (both lists accessible from WP Security > Dashboard menu).

    In addition to that, you should cross-check that the stack trace for the audit log of “Failed login” is not an XML RPC call of wp_getUsersBlogs.

    An XML RPC call of wp_getUsersBlogs is trying to authenticate the user. – WP Security > Firewall > Basic firewall rules tab > Completely block access to XMLRPC, Disable pingback functionality from XMLRPC. Please check both and Save.

    If stop user enumeration is not on, it might be the reason your admin username is exposed – WP Security > Miscellaneous > User enumeration tab, check there.

    Regards

    Thread Starter JLewinski

    (@jlewinski)

    Hi hjogiupdraftplus, thanks for looking and replying!

    If stop user enumeration is not on, it might be the reason your admin username is exposed – WP Security > Miscellaneous > User enumeration tab, check there.

    Yeah, I had missed that one but it is fixed (ON) now.

    In addition to that, you should cross-check that the stack trace for the audit log of “Failed login” is not an XML RPC call of wp_getUsersBlogs.

    An XML RPC call of wp_getUsersBlogs is trying to authenticate the user. – WP Security > Firewall > Basic firewall rules tab > Completely block access to XMLRPC, Disable pingback functionality from XMLRPC. Please check both and Save.

    I searched the log and couldn’t find any reference to “XML RPC -wp_getUsersBlogs.” That’s good, right?

    Should I go ahead and turn ON the option(s) to completely BLOCK all access to XMLRPC and pingback functionality anyway? Better safe than sorry?

    Harry Hobbes

    (@harry-hobbes)

    “Better safe than sorry?”

    Consider:

    “Safe[ty]” resides in one place only: between the ears. That is, “safe” is a thought; nothing more.

    In reality, the security of your website will always be accomplished as a tradeoff (or balance) of disabling access features and functionality, and convenience of use of the website. You get to implement the balance that meets your requirements.

    In terms of the AIOS plugin (or equivalent), this means that you will be required to turn things on or off to find that balance required between locking things down and ease of use that you deem appropriate. Remember, the more lock-down, the less convenience. This balance will very much depend on the purpose of the website, and how you use the website. (For example, if you have lots of users, you have to consider their convenience of use.)

    So from a website builder/administrator perspective, you might proceed by implementing each additional restriction on a step-by-step basis, until you find the balance that meets your requirements. (At some point, you will find a setting that “breaks” some feature or functionality of the website user interface, and you’ll have to make a [tradeoff] decision.)

    Because one may export AIOS settings, one may “snapshot” settings at regular intervals, particularly when introducing additional settings. This also supports a step-by-step approach to implementing security.

    Plugin Support hjogiupdraftplus

    (@hjogiupdraftplus)

    Hi @jlewinski

    You should cross-check WP Security > Dashboard > Audit logs – Failed login stack trace to know from where invalid login attempts are done.

    If it is the standard wp-login.php, you should rename it and use captcha; if it is any other front-end login page, use captcha.

    If it is an xmlrpc.php call and no other plugin is using XML RPC, you may disable that feature.

    Regards.
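
The check described in the reply above (are the login attempts arriving at wp-login.php or at xmlrpc.php?) can also be made from the web server's access log. This is an added example, not part of the original reply and not AIOS code; it assumes Apache/nginx "combined" log lines, and the sample lines, addresses and function names are constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in "combined" log format (assumed input; the addresses
# come from the reserved documentation ranges).
SAMPLE_LOG = """\
203.0.113.7 - - [12/Mar/2024:08:01:10 +0000] "POST /wp-login.php HTTP/1.1" 200 4512 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Mar/2024:08:01:12 +0000] "POST /wp-login.php HTTP/1.1" 200 4512 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Mar/2024:08:01:15 +0000] "POST /wp-login.php HTTP/1.1" 200 4512 "-" "Mozilla/5.0"
198.51.100.23 - - [12/Mar/2024:08:02:01 +0000] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "ExampleClient/1.0"
198.51.100.23 - - [12/Mar/2024:08:02:02 +0000] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "ExampleClient/1.0"
192.0.2.50 - - [12/Mar/2024:08:03:00 +0000] "GET /wp-login.php HTTP/1.1" 200 3011 "-" "Mozilla/5.0"
192.0.2.50 - - [12/Mar/2024:08:03:09 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
this line is malformed and is skipped
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)
# Script name -> label; matching on the basename also covers sites
# installed in a subdirectory.
ENDPOINTS = {"wp-login.php": "wp-login", "xmlrpc.php": "xmlrpc"}


def login_posts_by_endpoint(log_text):
    """Count POSTs per client IP for each login-capable endpoint."""
    counts = {label: Counter() for label in ENDPOINTS.values()}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST":
            continue  # unparsable line, or a plain page view
        script = m["path"].split("?", 1)[0].rsplit("/", 1)[-1]
        label = ENDPOINTS.get(script)
        if label is None:
            continue
        # A 302 after a wp-login.php POST is normally the redirect that
        # follows a successful login, so it is not counted as an attempt.
        if label == "wp-login" and m["status"] == "302":
            continue
        counts[label][m["ip"]] += 1
    return counts


def noisy_sources(counts, threshold=3):
    """IPs with at least `threshold` counted POSTs, per endpoint."""
    return {label: sorted(ip for ip, n in c.items() if n >= threshold)
            for label, c in counts.items()}
```

If the xmlrpc list stays empty over a representative period, the attempts are coming through the login form, and the XML-RPC options can be judged on whether anything on the site still needs that interface.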

    Thread Starter JLewinski

    (@jlewinski)

    @hjogiupdraftplus Well said. I will definitely keep your words in mind moving forward.

    Thread Starter JLewinski

    (@jlewinski)

    Thanks, everyone! I think I’m beginning to get my “feeble” mind wrapped around this.

    Let the eye of vigilance never be closed.

    – Thomas Jefferson
  • The topic ‘How to add IPs to the “Permanent Block List?”’ is closed to new replies.