Non Brute Force Attacks

Hey @tommarino,

These are two different types of attacks. The brute force attacks are being blocked and locked out of the site by the Wordfence plugin. But XSS, SQL injection attacks and other this are being blocked by the Firewall. The requests are being blocked, not the IPs and this is done by the Firewall. There’s only so much we can do to prevent attacks, it’s more about making sure they aren’t successful, which it sounds like Wordfence is doing. Usually, after X amount of time with being unsuccessful, they’ll move on.

I hope this helps.

Thanks,

Gerroald

Hi Gerroald,
Staying on the same topic, how do we know that the attack is taking place? I am on the Live Traffic section and see BOT activities from Google, FB, Bing …. but how can I tell which is an attack and which is friendly?

Hi @danishhaidri,

What is your setting for How long is an IP address blocked when it breaks a rule?

If it’s a low value such as 1 hour, then when someone breaks the cross scripting or directory traversal rule, they will only be blocked for 1 hour.

When someone breaks brute force rules -> they are blocked from logging in for Amount of time a user is locked out

When someone breaks firewall rules -> they are blocked from accessing the site for How long is an IP address blocked when it breaks a rule

For example: https://i.imgur.com/MPtI5Ut.png

Dave

@wfgerald I think this would be a useful feature. If someone is attempting a XXS or SQL injection and the firewall is blocking it, I can’t imagine there isn’t a programmatic reason why Wordfence couldn’t add that IP to the block list.

Thank you for your response.