xmlrpc.php and nextgen gallery lightroom plugin

Hi,

Do you have a sample line(s) from the firewall log that would show the blocked request? That would help to understand how it is blocked.

Here’s an example from a live log.
1. I create a gallery from Lightroom. It works, but then tells me I’m blocked.
2. After the timeout period, I try to upload a bunch of images. It succeeds but gives me the blocked by host message from the plugin again.

HTH
Richard

[22/Mar/16:16:45:48 +0000] – xxx.xxx.xxx.xxx “POST /xmlrpc.php” “-” “Lightroom/6.4 CFNetwork/760.4.2 Darwin/15.4.0 (x86_64)” “-” “domain.name”
[22/Mar/16:16:46:41 +0000] – xxx.xxx.xxx.xxx “POST /wp-admin/admin-ajax.php” “https://domain.name/wp-admin/” “Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_4) AppleWebKit/601.5.17 (KHTML, like Gecko) Version/9.1 Safari/601.5.17” “-” “domain.name”
[22/Mar/16:16:48:46 +0000] – xxx.xxx.xxx.xxx “POST /wp-admin/admin-ajax.php” “https://domain.name/wp-admin/” “Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_4) AppleWebKit/601.5.17 (KHTML, like Gecko) Version/9.1 Safari/601.5.17” “-” “domain.name”
[22/Mar/16:16:50:47 +0000] – xxx.xxx.xxx.xxx “POST /wp-admin/admin-ajax.php” “https://domain.name/wp-admin/” “Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_4) AppleWebKit/601.5.17 (KHTML, like Gecko) Version/9.1 Safari/601.5.17” “-” “domain.name”
[22/Mar/16:16:51:15 +0000] – xxx.xxx.xxx.xxx “POST /xmlrpc.php” “-” “Lightroom/6.4 CFNetwork/760.4.2 Darwin/15.4.0 (x86_64)” “-” “domain.name”
[22/Mar/16:16:51:17 +0000] – xxx.xxx.xxx.xxx “POST /xmlrpc.php” “-” “Lightroom/6.4 CFNetwork/760.4.2 Darwin/15.4.0 (x86_64)” “-” “domain.name”
[22/Mar/16:16:51:19 +0000] – xxx.xxx.xxx.xxx “POST /xmlrpc.php” “-” “Lightroom/6.4 CFNetwork/760.4.2 Darwin/15.4.0 (x86_64)” “-” “domain.name”
[22/Mar/16:16:51:50 +0000] – xxx.xxx.xxx.xxx “POST /xmlrpc.php” “-” “Lightroom/6.4 CFNetwork/760.4.2 Darwin/15.4.0 (x86_64)” “-” “domain.name”
[22/Mar/16:16:51:52 +0000] – xxx.xxx.xxx.xxx “POST /xmlrpc.php” “-” “Lightroom/6.4 CFNetwork/760.4.2 Darwin/15.4.0 (x86_64)” “-” “domain.name”
[22/Mar/16:16:51:54 +0000] – xxx.xxx.xxx.xxx “POST /xmlrpc.php” “-” “Lightroom/6.4 CFNetwork/760.4.2 Darwin/15.4.0 (x86_64)” “-” “domain.name”
[22/Mar/16:16:51:58 +0000] – xxx.xxx.xxx.xxx “POST /xmlrpc.php” “-” “Lightroom/6.4 CFNetwork/760.4.2 Darwin/15.4.0 (x86_64)” “-” “domain.name”
[22/Mar/16:16:52:00 +0000] – xxx.xxx.xxx.xxx “POST /xmlrpc.php” “-” “Lightroom/6.4 CFNetwork/760.4.2 Darwin/15.4.0 (x86_64)” “-” “domain.name”
[22/Mar/16:16:52:02 +0000] – xxx.xxx.xxx.xxx “POST /xmlrpc.php” “-” “Lightroom/6.4 CFNetwork/760.4.2 Darwin/15.4.0 (x86_64)” “-” “domain.name”
[22/Mar/16:16:52:06 +0000] – xxx.xxx.xxx.xxx “POST /xmlrpc.php” “-” “Lightroom/6.4 CFNetwork/760.4.2 Darwin/15.4.0 (x86_64)” “-” “domain.name”
[22/Mar/16:16:52:08 +0000] – xxx.xxx.xxx.xxx “POST /xmlrpc.php” “-” “Lightroom/6.4 CFNetwork/760.4.2 Darwin/15.4.0 (x86_64)” “-” “domain.name”
[22/Mar/16:16:52:09 +0000] – xxx.xxx.xxx.xxx “POST /xmlrpc.php” “-” “Lightroom/6.4 CFNetwork/760.4.2 Darwin/15.4.0 (x86_64)” “-” “domain.name”
[22/Mar/16:16:52:13 +0000] – xxx.xxx.xxx.xxx “POST /xmlrpc.php” “-” “Lightroom/6.4 CFNetwork/760.4.2 Darwin/15.4.0 (x86_64)” “-” “domain.name”
[22/Mar/16:16:52:15 +0000] – xxx.xxx.xxx.xxx “POST /xmlrpc.php” “-” “Lightroom/6.4 CFNetwork/760.4.2 Darwin/15.4.0 (x86_64)” “-” “domain.name”
[22/Mar/16:16:52:16 +0000] – xxx.xxx.xxx.xxx “POST /xmlrpc.php” “-” “Lightroom/6.4 CFNetwork/760.4.2 Darwin/15.4.0 (x86_64)” “-” “domain.name”
[22/Mar/16:16:52:20 +0000] – xxx.xxx.xxx.xxx “POST /xmlrpc.php” “-” “Lightroom/6.4 CFNetwork/760.4.2 Darwin/15.4.0 (x86_64)” “-” “domain.name”
[22/Mar/16:16:52:22 +0000] – xxx.xxx.xxx.xxx “POST /xmlrpc.php” “-” “Lightroom/6.4 CFNetwork/760.4.2 Darwin/15.4.0 (x86_64)” “-” “domain.name”
[22/Mar/16:16:52:24 +0000] – xxx.xxx.xxx.xxx “POST /xmlrpc.php” “-” “Lightroom/6.4 CFNetwork/760.4.2 Darwin/15.4.0 (x86_64)” “-” “domain.name”
[22/Mar/16:16:52:28 +0000] – xxx.xxx.xxx.xxx “POST /xmlrpc.php” “-” “Lightroom/6.4 CFNetwork/760.4.2 Darwin/15.4.0 (x86_64)” “-” “domain.name”
[22/Mar/16:16:52:30 +0000] – xxx.xxx.xxx.xxx “POST /xmlrpc.php” “-” “Lightroom/6.4 CFNetwork/760.4.2 Darwin/15.4.0 (x86_64)” “-” “domain.name”
[22/Mar/16:16:52:31 +0000] – xxx.xxx.xxx.xxx “POST /xmlrpc.php” “-” “Lightroom/6.4 CFNetwork/760.4.2 Darwin/15.4.0 (x86_64)” “-” “domain.name”
[22/Mar/16:16:52:33 +0000] – xxx.xxx.xxx.xxx “POST /xmlrpc.php” “-” “Lightroom/6.4 CFNetwork/760.4.2 Darwin/15.4.0 (x86_64)” “-” “domain.name”
[22/Mar/16:16:52:35 +0000] – xxx.xxx.xxx.xxx “POST /xmlrpc.php” “-” “Lightroom/6.4 CFNetwork/760.4.2 Darwin/15.4.0 (x86_64)” “-” “domain.name”
[22/Mar/16:16:52:49 +0000] – xxx.xxx.xxx.xxx “POST /wp-admin/admin-ajax.php” “https://domain.name/wp-admin/” “Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_4) AppleWebKit/601.5.17 (KHTML, like Gecko) Version/9.1 Safari/601.5.17” “-” “domain.name”

Did you disable the “Apply the protection to the xmlrpc.php script as well” in the “Login Protection” page? It looks like it is enabled with the brute-force protection and hence it is triggered when you reach the threshold.

Also, check this message where I explained the 3 XMLRPC protections: https://www.ads-software.com/support/topic/cannot-use-ios-wordpress-app-after-ninja-firewall-installed?replies=3#post-8182331