• Hello again,

    Sorry to bother you. I know you’re swamped with answering questions!

    I have already read through the best practices guide and configured my settings to Whitelist only US. Here is what I currently have set up:

    Back-end target settings

    Comment post: Block by country – ENABLED
    XML-RPC: Block by country – ENABLED
    Login form: Block by country – ENABLED FOR ALL TARGET ACTIONS
    Admin area: Block by country – ENABLED
    Prevent Zero-day Exploit – ENABLED

    Admin ajax/post: Block by country – ENABLED
    Prevent Zero-day Exploit – ENABLED
    No exceptions
    Plugins area: Block by country
    Force to load WP core – DISABLED
    Exceptions – NONE
    Themes area: Block by country
    Force to load WP core – DISABLED
    Exceptions – NONE

    Front-end target settings

    Public facing pages: Block by country – ENABLED
    Matching rule: Follow “Validation rule settings”
    Validation target: All requests
    UA string and qualification: Set to default values
    DNS reverse lookup: Disabled
    Simulation mode Enable

    Note: all other settings were kept as default (no modifications made by me).

    When I look at the Validation logs, I notice different IP addresses for two countries (CN and FR) are being blocked and also passed depending on the request.

    For example, 106.120.161.68 CN shows as “blocked” for “public” target. Here are the details:

    Request
    GET[443]:/
    User agent
    Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; Tablet PC 2.0)
    HTTP headers
    HTTP_REFERER=https://resurrectedhair.net/
    $_POST data

    However, 180.76.15.138 CN shows as “passed” for “public” target. Here are the details:

    Request
    GET[443]:/?C=M;O=A
    User agent
    Mozilla/5.0 (compatible; Baiduspider/2.0; +https://www.baidu.com/search/spider.html)
    HTTP headers

    Another example is 62.210.110.181 FR showing as “blocked” for “public” target. Here are the details:

    Request
    GET[443]:/
    User agent
    Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2062.120 Safari/537.36
    HTTP headers
    HTTP_REFERER=https://burger-imperia.com/
    $_POST data

    However, 91.121.86.136 FR shows as “passed” for “public” target. Here are the details:

    Request
    GET[443]:/phptest.php
    User agent
    Mozilla/5.0 (compatible; MJ12bot/v1.4.7; https://mj12bot.com/)
    HTTP headers
    $_POST data

    Do you know why this is happening? So far, I am only noticing this problem with CN and FR. Only 1 IP address for each of those problematic countries gets passed. There are a few more other blocked IP addresses for those countries which I didn’t include herein for the sake of brevity.

    Also, I am not sure if this may be the culprit, but I noticed as soon as I activated your plugin before I made any changes, I got a PHP error in my log file. It reads:

    PHP Warning: PharData::__construct(): open_basedir restriction in effect. File(/…/…/html) is not within the allowed path(s): (the paths specified in open_basedir) in /…/…/…/…/…/…/…/ip-geo-block/classes/class-ip-geo-block-cron.php on line 352. The three “…” are only used to truncate the entire file path for ease of readability.

    Line 352 in the cron.php file reads: $data = new PharData( $src, FilesystemIterator::SKIP_DOTS ); // get archives

    My current open_basedir file paths are set in my domain name subfolder one level down from the html folder.

    Should I change the open_basedir file paths to /…/…html as opposed to /…/…/html/mydomainname?

    Sorry for the long post. Just wanted to make sure you had all the relevant details to help with your response!

    Thank you again!

    All my best,

    Joe

Viewing 1 replies (of 1 total)
  • Plugin Author tokkonopapa

    (@tokkonopapa)

    Hi Joe,

    Thank you for reading my documentation. Indeed, I have to get a skill for technical writing and those docs should be re-written from the user’s perspective.

    Anyway, I’ll try to answer your questions:

    1. Your issue (but not only yours) is caused by “UA string and qualification”, whose purpose is completely opposite to your demand. Please refer to this doc in order to know the purpose. It assumes that if a domain name can be retrieved from the IP address of a bot by DNS reverse lookup, then the bot is not bad. But it’s not always true. In your case, the rules bot:HOST and spider:HOST are the cause of the issue. So please try to remove those. I think your site may be safe (i.e. not too much blocking) while you enable “Simulation mode”.

    2. Downloading the Geolite2 database needs a temporary directory on your server to unzip the archived files. The temporary directory is decided by get_temp_dir() and it is usually outside of the document root, such as /tmp/ or /var/tmp/. I think you need to add the tmp directory to “open_basedir”. But WordPress already uses it very often. So if the warning is caused only by this plugin, PharData might be the cause. So I’ll keep investigating this issue.

    If you failed to download the Geolite2 free databases, please download them manually and place them under ip-geo-api/maxmind/GeoLite2/ in the directory of Geolocation API library.

    I’ll keep this topic open until I find the solution.

    Thank you for the detailed information and reporting!
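
A simplified model of the behaviour the reply describes, run over the four requests quoted in the question. It is an added example, not the plugin's code and not part of either post. The rule notation, the `has_host` field and all function names are assumptions made for illustration.

```python
from dataclasses import dataclass

WHITELIST = {"US"}  # "Whitelist only US", from the post

# The two rules named in the reply, as (UA substring, qualification) pairs.
# This tuple form is the example's own notation, not the plugin's format.
RULES = [("bot", "HOST"), ("spider", "HOST")]

@dataclass
class Request:
    ip: str
    country: str
    user_agent: str
    has_host: bool  # constructed: is the HOST qualification satisfied?

# IPs, countries and user agents are from the validation logs in the post
# (browser UAs abbreviated); has_host=True everywhere is an assumption.
SAMPLES = [
    Request("106.120.161.68", "CN", "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)", True),
    Request("180.76.15.138", "CN", "Mozilla/5.0 (compatible; Baiduspider/2.0; +https://www.baidu.com/search/spider.html)", True),
    Request("62.210.110.181", "FR", "Mozilla/5.0 (X11; Linux x86_64) Chrome/37.0.2062.120 Safari/537.36", True),
    Request("91.121.86.136", "FR", "Mozilla/5.0 (compatible; MJ12bot/v1.4.7; https://mj12bot.com/)", True),
]

def matching_rule(req, rules):
    """Return the first rule that qualifies this request, or None."""
    ua = req.user_agent.lower()  # the UA header is supplied by the client
    for word, qualification in rules:
        if word.lower() in ua and qualification == "HOST" and req.has_host:
            return (word, qualification)
    return None

def validate(req, rules):
    """Country check first; a qualifying UA rule overrides a country block."""
    if req.country in WHITELIST:
        return "passed"
    return "passed" if matching_rule(req, rules) else "blocked"

def report(rules):
    return {r.ip: validate(r, rules) for r in SAMPLES}

if __name__ == "__main__":
    for label, rules in (("default rules", RULES), ("bot/spider rules removed", [])):
        print(label)
        for ip, verdict in report(rules).items():
            print(f"  {ip:<16} {verdict}")
```

With the two rules present, only the requests whose user agent contains "bot" or "spider" pass, which matches the logs in the question; with the rules removed, all four non-US requests are blocked.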

  • The topic ‘Blocked Countries Are Showing Up as Blocked and Passed’ is closed to new replies.