Multiple 503 But Not Added to Block List

  • Resolved neil677

    (@neil677)


    1 year, 8 months ago

    Hi – Im sure this question has been asked before – but I have seen multiple attempts from the same IP address ending in 503 but the IP isn’t added to the IP block list
    Is says for example:

    Activity Detail

     Germany was blocked by Wordfence Security Network at https://website.co.uk/wp-login.php

    09/03/2023 07:57:54 (34 minutes ago)

    IP: 46.165.203.33 Hostname: 46.165.203.33

    Human/Bot: Human

    Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.16 Safari/537.36

    This happened 25 times but the IP wasn’t added to the block IP address

    I also have the same question for “blocked by firewall for Known malicious User-Agents at”
    Are these blocked but not permanently blocked?
    Is there a setting to permanently block them?

    • This topic was modified 1 year, 8 months ago by neil677.
Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Support wfpeter

    (@wfpeter)

    Hi @neil677, thanks for your question.

    Automatic or manual blocks via Live Traffic will block an IP for the duration you have specified under Wordfence > All Options > Rate Limiting Rules > How long is an IP address blocked when it breaks a rule, which could be as low as 5 minutes. You can increase this value to hours or even days to try stemming the flow of retries if you’re noticing a lot of activity from certain IPs.

    During the timescale specified in the above setting, they’ll appear on the list in the Wordfence > Blocking page. It is possible to click the “Make Permanent” button here after checking the box next to one or more IPs. However, it’s important to note that Wordfence does all of the important blocking automatically so you don’t have to. It may be tempting to permanently block these when you see them but it’s generally an ineffective strategy, taking up your time. Wordfence considers intent of an IP’s request to your site when blocking, so increasing the time they’re blocked before they can retry might be the best deterrent.

    Thanks,
    Peter.

    Thread Starter neil677

    (@neil677)

    OK i think I may have an issue
    1. IPs are allowed several every minute (my Rate limiting is 5 minutes)
    2. I also added this IP manually ti the block list an hour ago and it has since removed it self – so I may have an issue here

    I may be having similar issues. I created a separate topic, but reading this, we may be experiencing the same bug, so I’ll summarize what I said here as well.

    I recently got an email from a client asking for help, they were locked out of their own site. I logged in and checked the WordFence logs, and verified the client had exceeded the maximum number of failed login attempts. These types of bans are set to last 24 hours and the ban occurred about 90 minutes before I saw the email and investigated.

    I don’t know if the ban is still in effect or not, but it’s not showing up in the list of banned IPs, and I can’t manually lift or verify the ban still exists. Either the list is failing to report blocked IPs or they’re being quickly scrubbed from the list.

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Multiple 503 But Not Added to Block List’ is closed to new replies.