Could it be that the "reason" for most of the attacks I get is shown as "template: in URL"?
That's correct. The password is included only for failed logins. It is not included for any other blocking reason since the attacker didn't provide a password during this attack. Makes perfect sense, doesn't it?
The second question is: Even though I have carefully read through the ADMIN TOOLS' documentation on how to get a BLOCK of a dynamic IP address to blacklist, it seems that after blocking this dynamic IP address: 180.76.5.192 (with its BLOCK being 180.76.1.0/24), I sometimes keep getting attacks from the same IP address with the first two (as in 180.76._._) always maintained but with the last two (which I have replaced with the underscore or dashes, as in 180.76._._) always changing. There are some others, too.
You didn't read the documentation carefully enough or got confused with all the geekspeak :) You should specify the blocked IP as:
180.67.
(mind the last dot!) or
180.67.0.0/255.255.0.0
(that's a simple netmask, which is still quite geeky) or even
180.67.0.1-180.67.0.255
(that's the most human friendly way!) I don't know where underscores and dashes came from, but it's not from our documentation.
Pardon my ignorance or naivety, but when you check in any Web Host Management (WHM) of where to blacklist IP addresses, they also give an example of a block of an IP address as 10.0.0.0/8 and I'm just confused as to which I should use.
Jargon warning: this is called Classless Inter-Domain Routing (CIDR) notation; see http://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing. This is the geek way of writing down IP ranges.
However, if you are not a network admin or an alpha geek trying to prove to the world that you can write what seems like gibberish and still make it work (sort of), I would recommend staying away from CIDR notation and using one of the mere mortal-friendly notations I gave you above. Seriously, I don't use CIDR notation myself unless I want to impress other geeks. On my sites I prefer the simpler notation which I can read even when I'm sleepy and trying to make sense of a problem from a tiny smartphone screen. Simple is good. Complex is, um, doubleplus ungood ;)
Sorry my mathematics is not good as I have tried the online calculation of a block of a dynamic IP address but still can't seem to get it.
You are not alone! The proper way to calculate them is to transform both the IP and mask in binary (argh!) and do the OR operation. Seriously, I can't think of worse ways to torture humans and I am aware of such things as waterboarding and every other torture method so graphically portrayed in the TV series "24". Joking aside, use the most human friendly way to annotate IP ranges which is starting address, dash, ending address. For example: 192.168.1.0-192.168.200.123 is very straightforward and does exactly what you think it does. Yep, that's what I use myself. It's the best example of applying the KISS (Keep It Simple and Stupid) rule.
I hope that helps!
Nicholas K. Dionysopoulos
Lead Developer and Director
🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!
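The notations discussed in this thread (trailing-dot prefix, IP/netmask, start-end range, CIDR) can be checked offline before an entry goes into a blocklist. The following is an added example, not Admin Tools' own code and not from the original reply; the function names `parse_block`, `covered_range` and `is_blocked` are hypothetical, and it only assumes the four notations mean what the thread says they mean.

```python
import ipaddress

def parse_block(spec):
    """Return the IPv4 networks covered by one blocklist entry."""
    spec = spec.strip()
    if "-" in spec:
        # "start-end" range, e.g. 180.67.0.1-180.67.0.255
        first, last = (ipaddress.IPv4Address(p.strip())
                       for p in spec.split("-", 1))
        if first > last:
            raise ValueError(f"range start is after range end: {spec}")
        return list(ipaddress.summarize_address_range(first, last))
    if spec.endswith("."):
        # Partial address with trailing dot, e.g. "180.67." (1 to 3 octets)
        octets = spec[:-1].split(".")
        if not 1 <= len(octets) <= 3:
            raise ValueError(f"bad partial address: {spec}")
        padded = ".".join(octets + ["0"] * (4 - len(octets)))
        return [ipaddress.IPv4Network(f"{padded}/{8 * len(octets)}")]
    # CIDR (10.0.0.0/8) or IP/netmask (180.67.0.0/255.255.0.0).
    # strict=False accepts an entry whose address has host bits set.
    return [ipaddress.IPv4Network(spec, strict=False)]

def covered_range(spec):
    """Return (first address, last address, address count) for an entry."""
    nets = parse_block(spec)
    return (str(nets[0].network_address),
            str(nets[-1].broadcast_address),
            sum(n.num_addresses for n in nets))

def is_blocked(ip, spec):
    """True if the address falls inside the blocklist entry."""
    addr = ipaddress.IPv4Address(ip)
    return any(addr in net for net in parse_block(spec))

if __name__ == "__main__":
    # Entries and addresses below are the ones quoted in the thread.
    for entry in ("180.67.", "180.67.0.0/255.255.0.0",
                  "180.67.0.1-180.67.0.255", "10.0.0.0/8",
                  "180.76.1.0/24", "192.168.1.0-192.168.200.123"):
        print(f"{entry:30} -> {covered_range(entry)}")
    print("180.76.5.192 in 180.76.1.0/24:",
          is_blocked("180.76.5.192", "180.76.1.0/24"))
    print("180.76.5.192 in 180.76.:",
          is_blocked("180.76.5.192", "180.76."))
```

Printing the first and last covered address for an entry is a quick way to confirm that the address seen in the logs actually falls inside the block before saving it.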