AbLeads

And here is ours

Hi,

Following an increased number of attack attempts from IPs that aren’t recognized by wp-cerber’s access list, we did a little more digging into why some IPs are blocked fine and why some aren’t. Amongst hundreds of IPs tested, it turns out that none will work if the first part of the IP is above 126. As said previously, subnet and wildcard searches for those IPS won’t work either.

It seems that class A IPs only are blocked as expected ?

Thank you, we are aware of that. We do have 5 IPs in the white access list, none of which should interfere with any of the 115 IPs in the black list.

Are we the only ones facing that issue?

If there is no fix you can think of, we’ll give a go at another security plugin at some point for comparison and let you know if that solves the problem

Hey Gioni,

Thanks for your kind reply. Sorry for not being clearer, when I click on those IP addresses I do see recent activity, requests, or both. However, when I click “Check for activity” or “Check for requests” next to “Network” (below IP), then both tabs will indicate “No activity has been logged.” AND “No requests have been logged.” Then I know for sure that blacklisting them will do nothing.

A fresh example just a few minutes ago: 188.40.151.103 from Germany:
3 logs in activity: Request to REST API denied
3 logs in traffic inspector: Get REST API / HTTP 403 Forbidden
Click Add IP to the Black List
“Address 188.40.151.103 was added to Black IP Access List”
No black square gets added by the IP address in traffic inspector or activity tabs
Black IP Access List –> 188.40.151.103
Check for activity: 3 logs are there, no black square
Check for requests: 3 logs again, no black square

Wild card test:
Add 188.40.151.* to blacklist
“Address 188.40.151.* was added to Black IP Access List”
Check for activity: “No activity has been logged.”
Check for requests: “No requests have been logged.”

Just as a reminder, this issue only happens with about 30% of IPs in access lists