Banned from Site

Hi,

Did you change the firewall default message[1] displayed to blocked users, because “You have been Banned from this Site” is not a NinjaFirewall message?
If you didn’t change it, you may be blocked by another application.

[1] Default message is:

Sorry x.x.x.x, your request cannot be processed.
For security reasons, it was blocked and logged.

[NinjaFirewall logo]

If you believe this was an error please contact the
webmaster and enclose the following incident ID: xxxxxx

When installing the firewall on a new site, I recommend to run it in debug mode to prevent problems. See: https://blog.nintechnet.com/testing-ninjafirewall-without-blocking-your-visitors/

• This reply was modified 7 years, 1 month ago by nintechnet.

Wow! Okay… But I have never had this issue before this (NinjaFirewall is a new plugin), I did not change the default message. I’m on Bluehost VPS server. I may need to do a lot more investigating, apparently… But if you are sure if all security settings are set to “On”, and this doesn’t cause such a message (from somewhere else), then okay. I do have “iThemes Security Pro” installed (again, settings maxed out)… BACKGROUND: it appears I’m constantly under attack from malware…which is trying setting up email spam, apparently. So that’s why the high level of security needed. Thanks! I’ll let you know more about this “banned” issue during my tests. I’ll leave the site “as is” for now and see…NinjaFirewall set to default…and iThemes maxed. Thanks again.

100% sure it is not a NinjaFirewall message.
In fact, even the word “banned” is never used in NinjaFirewall WP because it does not ban anyone. It blocks the request, but does not ban the user or the IP.
It could indeed come from iThemes Security Pro (I’m not familiar with it at all), due some kind of conflict. NinjaFirewall does a lot of work to each incoming request, before they reach the blog or your plugin. Maybe iThemes does not like this?

Thanks for your info. FYI – Simply restoring a recent backup of my SQL data tables, gets me back up and running…so something is being recorded (injected) into one of my tables…and it does happen only when I set NinjaFirewall to “max”…as far as I can tell…that is a trigger, ’cause it’s happened twice. Since I’ve reset my site to NinjaFirewall “defaults”, I’ve not had any issues.

Just curious if you think your default settings are really all I need to keep hackers from adding & modifying files and folders on my site. That’s my need for your firewall. Thank you!

The default settings are quite enough for most sites.
I would add:
-Enable File Guard.
-Enable File Check + hourly scheduled scan.
-Firewall Policies:
1. “Block direct access to any PHP file located in one of these directories” : enable the “*/cache/*” option.
2. Enable “Disable the plugin and theme editor”.
3. Enable “Block serialized PHP objects”.
-Enable “Login Protection”.
-“Updates” enable it with hourly updates to keep your rules up to date.

Don’t forget to enable “Firewall Options > Debugging” after making those changes. Then log out of the dashboard (so that you are no longer whitelisted by the firewall) and make sure the site is running ok. Then log in again and check the firewall log. If you don’t see any error/false positive, then disable the “Firewall Options > Debugging”.

Thank you! I’ve got all your recommendations set and there are no false positives. Hopefully, this will protect my site from the malicious activities I’ve experienced recently. I’ll update this post later with my status after the next week. Thanks again!