#39270 Install different than documentation.

Posted in ‘Pre-sales and Account Questions’
Latest post by nicholas on Friday, 28 July 2023 16:26 CDT

EdwardQuicksall

Good Morning,

I have a WordPress site that is using Admin Tools 1.6.1. When I review the documentation, it is different than what is installed. For example, I do not have Auto IP Blocking Administration. I am only able to block via the Security Exceptions Log. I'm not sure what is installed. Where is the block list found?

Thanks

Ed.

tampe125
Akeeba Staff

Hello,

just to be sure, did you install the professional version of Admin Tools?

Davide Tampellini

Developer and Support Staff

🇮🇹Italian: native 🇬🇧English: good • 🕐 My time zone is Europe / Rome (UTC +1)
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

EdwardQuicksall

I am not sure what version was installed. All I can tell is that it is Admin Tools 1.6.1.

nicholas
Akeeba Staff
Manager

There are two editions of Admin Tools: the free of charge Admin Tools Core and the subscription-based Admin Tools Professional. Purchasing a subscription does not convert the Core into the Professional version. You can see which one you have in your site's Plugins page. If you have Admin Tools Core you need to uninstall it, download Admin Tools Professional from our site (you need to be logged in) and install it.

Automatic IP blocking is managed, well, automatically and based on the settings in Admin Tools, Web Application Firewall, Configure WAF, see the options under Auto-Ban. Admin Tools, Web Application Firewall, Auto-IP blocking administration shows you the IP addresses which are currently temporarily banned from accessing your site. The Admin Tools, Web Application Firewall, Auto IP Blocking History shows you the history of these automatic blocks. When a temporary block becomes permanent it is added to Admin Tools, Web Application Firewall, Site IP Blacklist; that's the same place where you can manually add / remove IP addresses to be blocked on your site.

Don't try to interfere with the automatic IP blocking. Let Admin Tools handle it. That's the whole point of it being automatic. The idea is that Admin Tools will not block an IP address right away. First, it will note that this IP address did something potentially malicious; that's the Blocked Requests Log. If the same IP keeps doing potentially malicious things many times within a short period of time they get temporarily blocked, i.e. they are added to the Auto IP Blocking Administration list, and they get a record in the Auto IP Blocking History as well. After a while, the record in the Auto IP Blocking Administration list (but NOT in the Auto IP Blocking History!) will be removed automatically, therefore they can access the site again. If the same behaviour continues they get their IP temporarily auto-banned again, i.e. a new record in both the Auto IP Blocking Administration list and the Auto IP Blocking History. If they keep getting temporarily IP banned, i.e. they have too many Auto IP Blocking History records in a short period of time, the IP gets permanently blocked, i.e. it's added to the Site IP Blacklist. They will never be removed automatically from there; you will have to either do it yourself on that page, or use the Unblock An IP feature.

There is a very good reason for IP blocking to work this way, and why we tell you not to interfere. Remember, some of the Blocked Request Log entries (and, inevitably, some of the Auto IP Blocking Administration records) will be false positives, i.e. people who messed up and got their IP address blocked without actually being malicious. These will get temporarily blocked, but ultimately they will regain access to the site. Malicious bots and malicious actors, on the other hand, tend to do naughty things very fast (since they are trying to hack sites in bulk); they will therefore trigger the automatic permanent block and will thus not bother you again.

If you start freaking out and block every IP you see in the Auto IP Blocking Administration or, worse, in the Blocked Request Log you will end up blocking legitimate users who merely got confused.

I know it sounds a bit counter-intuitive, but that's how all automatic IP blocking works. Your web host probably does something similar with mod_security2 on their Apache web server blocking potentially malicious requests and something like fail2ban analysing the logs of which IPs got blocked to determine temporary and permanent IP bans. You don't second-guess this mostly because you don't even know it's there. You should do the same with Admin Tools; trust it to do its job.

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!
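
The escalation described in the reply above (blocked request, temporary ban, ban history, permanent blacklist), modelled as an added example; this is not Admin Tools code and not part of the original thread. The thresholds, the class and function names, the rule that requests made during a ban are not counted, and the sample IP addresses are all assumptions chosen for illustration.

```python
from collections import defaultdict, deque
# Assumed thresholds for illustration; the thread gives no numbers.
MAX_BLOCKED, BLOCKED_WINDOW = 3, 60   # blocked requests within N seconds -> temporary ban
BAN_SECONDS = 300                     # how long a temporary ban lasts
MAX_BANS, BAN_WINDOW = 2, 3600        # temporary bans within N seconds -> permanent ban

class AutoBan:
    def __init__(self):
        self.blocked_log = defaultdict(deque)  # ip -> times of blocked requests
        self.active_bans = {}                  # ip -> expiry (temporary ban list)
        self.ban_history = defaultdict(list)   # ip -> ban times, kept after expiry
        self.blacklist = set()                 # permanent; only removed by hand

    def status(self, ip, now):
        if ip in self.blacklist:
            return "permanent"
        if self.active_bans.get(ip, 0) > now:
            return "temporary"
        self.active_bans.pop(ip, None)         # expired: leaves the active list only
        return "allowed"

    def blocked_request(self, ip, now):        # one request the firewall rejected
        current = self.status(ip, now)
        if current != "allowed":               # assumed: not counted while banned
            return current
        log = self.blocked_log[ip]
        log.append(now)
        while log[0] <= now - BLOCKED_WINDOW:  # drop entries outside the window
            log.popleft()
        if len(log) < MAX_BLOCKED:
            return "allowed"
        log.clear()
        self.active_bans[ip] = now + BAN_SECONDS
        self.ban_history[ip].append(now)
        recent = [t for t in self.ban_history[ip] if t > now - BAN_WINDOW]
        if len(recent) < MAX_BANS:
            return "temporary"
        self.blacklist.add(ip)
        return "permanent"

# Constructed sample: (ip, seconds) of blocked requests, in time order.
USER, BOT = "192.0.2.10", "198.51.100.7"
EVENTS = [(BOT, 0), (USER, 0), (BOT, 1), (BOT, 2), (USER, 20), (USER, 40),
          (BOT, 310), (BOT, 311), (BOT, 312)]

def replay(events):
    waf, last = AutoBan(), {}
    for ip, ts in events:
        last[ip] = waf.blocked_request(ip, ts)
    return waf, last
```

Calling `replay(EVENTS)` shows the slow, one-off offender receiving a single temporary ban that later expires, while the address that resumes immediately after its first ban ends up on the permanent list.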

EdwardQuicksall

The Core version does Auto IP blocking and you can block an IP from the Security Exceptions Log, but it does not provide a way to view the block list?

nicholas
Akeeba Staff
Manager

Now I understand your question.

You do not have a subscription, therefore you can only have the Core version.

The documentation is for the Professional version. There's a warning early on which tells you that some of the features discussed are only present in the Professional version.

The Core version does not do IP blocking, at all. Not automatic, not manual.

The Core version only does request blocking. Repeatedly blocked requests are not automatically blocked.

So, sure, what you read in the documentation does not apply to the Core version. There is no IP blocking there.


EdwardQuicksall

So these mails sent are lying? 

Subject: Automatic IP blocking notification for 138.99.112.201 on XXXX

We would like to notify you that a security exception was detected on your site, XXXX, with the following details:

IP Address: 138.99.112.201 (IP Lookup:   IP Lookup)
Reason: SQLi Shield

If this kind of security exception repeats itself, please log in to your site\'s back - end and add this IP address to your Admin Tools\'s Web Application Firewall feature in order to completely block the misbehaving user.

Best regards,

EdwardQuicksall

Also, the subject of the above email is "Security exception on XXXX".

The above email is followed up with:

Subject:  Automatic IP blocking notification for 138.99.112.201 on XXXXX

We would like to notify you that the IP address 138.99.112.201 is now blocked from accessing your site, XXXXX, with the following details:

IP Address: 138.99.112.201 (IP Lookup: IP Lookup)
Reason: Auto-banned IP address
Banned until: 2023-07-28 07:38:38

If this is your own IP address and you can no longer access your site please follow our instructions to temporarily disable Admin Tools' Web Application Firewall and clear the automatic IP ban.

EdwardQuicksall

Also, on the Security Exceptions Log it has a button to add to Blacklist. Does this not work?

nicholas
Akeeba Staff
Manager

No, it does not do anything in the Core version. It adds the IP to the blacklist, but the blacklist is not used in the Core version, nor can it be managed from the interface.

