How to automaticly block Ip after x attemps ?

  • Resolved japjapjap

    (@japjapjap)


    5 years, 5 months ago

    Hello,
    i had some attack today and got an email. I’am wondering, this guy can execute about 130 attacks over the last 10 minutes from the same ip !!!!?????

    How can i setup that after 10!? very fast attemps the ip get blocked ?

    I don’t get it and wondering why this happend. I thought your plugin will detect this and block it ?

    b. regards

Viewing 6 replies - 1 through 6 (of 6 total)

  • Hey @japjapjap,

    I understand how frustrating and alarming seeing these attacks can be.

    Can you please share a little more information about the attack details from the emails?

    If it’s a brute force attack, you can adjust your Brute Force Protection settings in Wordfence > All Options > Enable Brute Fore Protection.

    Please let me know.

    Thanks,

    Gerroald

    Thread Starter japjapjap

    (@japjapjap)

    edit: my bad,
    he got blocked, is written in the email.

    All 143 attacks are from the same IP!

    The Wordfence Web Application Firewall has blocked 143 attacks over the last 10 minutes. Below is a sample of these recent attacks:

    Oktober 23, 2019 11:18am xxxxxxx (Iran, Islamic Republic of) Blocked for Hybrid Composer <= 1.4.5 – Unauthenticated Options Update
    Oktober 23, 2019 11:17am xxxxxxx (Iran, Islamic Republic of) Blocked for Hybrid Composer <= 1.4.5 – Unauthenticated Options Update
    …………….
    …………

    But I thought, if i block someone he can’t do anything from that ip anymore.
    Only for request overloading to kill the server.

    But it sounds like in the e-mail he could execute all attacks and then got blocked everytime again.

    I thought attackers will see if the Ip is blocked ? probaply they do this on many sites and don’t look at each specific, okay

    • This reply was modified 5 years, 5 months ago by japjapjap.
    • This reply was modified 5 years, 5 months ago by japjapjap.
    • This reply was modified 5 years, 5 months ago by japjapjap.

    Hey @japjapjap,

    This means the Wordfence Firewall is blocking the attack. It’s not banning the IPs, this will need to be done manually. However, it’s not always a good idea to block IPs used in attacks because often they’re legitimate “highjacked” IPs being used in the attack. There’s more information about this in the article below.

    https://www.wordfence.com/blog/2017/11/should-permantly-block-ips/

    Thanks,

    Gerroald

    Thread Starter japjapjap

    (@japjapjap)

    Okay, but why manually, this will never be effective in my situation.
    Does it work on premium with automatic banning ?

    b. regards

    Hey @japjapjap,

    The Premium version does not support this either. If you blocked every single IP that was used in an attack you’d likely end up blocking legitimate IPs that have been used in the attack. There’s only so much we can do to prevent attacks, it’s more about making sure they aren’t successful, which it sounds like Wordfence is helping with.

    THanks,

    Gerroald

    Hey @japjapjap,

    We haven’t heard back from you in a while, so I’ve gone ahead and marked this thread as resolved.

    Please feel free to open another thread if you’re still having issues with Wordfence.

    Thanks,

    Gerroald

Viewing 6 replies - 1 through 6 (of 6 total)
  • The topic ‘How to automaticly block Ip after x attemps ?’ is closed to new replies.