• Resolved Plugin Author tokkonopapa

    (@tokkonopapa)


    I’d deeply appreciate it if you would help out by taking the time to test new features of this plugin!

    New feature: Blocking on front-end

    Setup for testing:

    1. Deactivate IP Geo Block.
    2. Download the zip archive and unzip it.
    3. Upload the whole of ip-geo-block in the unzipped archive into your plugins directory on your server. The previous version can be overwritten.
    4. Activate IP Geo Block again.

    Important notices:

    • If you use a caching plugin such as WP Super Cache or W3 Total Cache, you should configure it to use PHP mode (WPSC) or Disk Basic mode (W3TC) and turn on the “late initialization” option. If your caching plugin doesn’t support similar options, which is the case with redirecting by mod_rewrite in .htaccess (WP Fastest Cache) or advanced-cache.php (Comet Cache), the “Blocking on front-end” feature might generate inconsistent pages.
    • The internal version identifier will be set as 3.0.0b. It means that you can safely update to the release version of this plugin from official WP.org.

    Please find more details at https://www.ipgeoblock.com/changelog/call-for-testing-3.0.0b.html

    Thank you for your cooperation!

    https://www.ads-software.com/plugins/ip-geo-block/

Viewing 12 replies - 1 through 12 (of 12 total)
  • Plugin Author tokkonopapa

    (@tokkonopapa)

    You can test it using https://www.geoscreenshot.com/capture which is a convenient tool to preview how your webpage looks in multiple locations.

    Thanks.

    @tokkonopapa – I’m still down to test some time, I was out on vacation the last time I got your request. Please keep in mind for future releases.

    Cheers

    JC

    Plugin Author tokkonopapa

    (@tokkonopapa)

    Hi JC,

    Thank you very much for responding! I believe that you had a wonderful vacation.

    Please never mind my request. I think it will take some time until I finalize the beta version and decide to release an RC. So at any time I’ll welcome any opinions or discussions from anyone!

    Thanks.

    Hi tokkonopapa,

    Got the WordPress-IP-Geo-Block-3.0.0b installed. Tested using https://www.geoscreenshot.com/capture and some other tools; it seems like the blocked countries are still able to view the front-end. Settings below. (Tested countries are China, Germany and India.)

    Front-end target settings (beta)

    Public facing pages: Block by country (checked)
    Matching rule: Whitelist
    Whitelist of country code: US,CA,

    Thank You

    Plugin Author tokkonopapa

    (@tokkonopapa)

    Hi bruceworg390,

    Hum… Do you use a caching plugin? If so, please read “Living with caching plugin”.

    If not, please select “Unauthorized user” as “Record validation logs” at “Record settings”, and access your site from an undesired country. Then check if there’s a footprint at “public facing pages” in the “Logs” tab. If it exists but shows “passed”, something is wrong. If it doesn’t exist, then that access doesn’t reach WordPress core.

    Sorry for bothering you. Thanks.

    • This reply was modified 8 years, 1 month ago by tokkonopapa.

    Hi tokkonopapa,

    We are not using caching plugins; however, we are on a hosting company that has server-end caching activated for WordPress. Are there any other configurations you recommend other than Record validation logs?

    Thank You

    Plugin Author tokkonopapa

    (@tokkonopapa)

    Huh, your case is

    If it doesn’t exist, then that access doesn’t reach WordPress core.

    When you access your site, PHP code is never executed if the cache hits. Unfortunately, your hosting cache mechanism and this kind of plugin never coexist on the front-end.

    I’ve been testing it for about a month now. So far, so good. Actually, very good. My site was the target of a malicious attack yesterday. Over 2,000 attempts trying to break in, still ongoing today. When I view the log, most attempts are under the XML-RPC. What does this mean? Thank you.

    Plugin Author tokkonopapa

    (@tokkonopapa)

    Hi verityr, I’m very glad to hear from you again!

    XML-RPC accepts some commands (i.e. Remote Procedure Call) such as “pingback.ping” for pingback, or “wp.getUsers” for getting the user list. Such commands (except pingback) need a valid user name and a password.

    If you find <methodName>pingback.ping</methodName> in the XML-RPC logs, it is a pingback. But if you find <methodName>wp.getAuthors</methodName> for example, then it is the same as a login attempt to wp-login.php. In this case, you can find user name and password followed by the method name.

    If those accesses were blocked, then you don’t need to worry about password cracking.

    Note: I recommend that you re-install the beta version again because I updated it yesterday. Please refer to “how to install” at the top of this topic to do it.

    Thanks.

    • This reply was modified 8 years, 1 month ago by tokkonopapa.

    Congratulations on a successful plugin because the other day it managed to bounce over 2,400 attempts at breaking into my site. I got paranoid so I changed the maximum attempts before blocking to “1”. In the XML-RPC log from the other day, I see mostly <methodName>wp.getUsersBlogs</methodName>. What does that mean?

    Today, I have about 20 attempts under Admin Area from a Russian Federation IP bouncing around my plugin folders and files, all showing “extra” as the result. Does this mean this IP is not being blocked right away?

    I will upload your new plugin now, thank you.

    Plugin Author tokkonopapa

    (@tokkonopapa)

    Hi verityr,

    I see mostly <methodName>wp.getUsersBlogs</methodName>. What does that mean?

    It’s an attempt to get all home URLs of a multisite. If that attempt were successful, then the attacker could get more URLs as their targets. If you want to get quiet, “Completely close” for XML-RPC is a good choice unless you need pingback and other remote services like Jetpack.

    Does this mean this IP is not being blocked right away?

    No. Probably you put some IP addresses into “Blacklist of extra IP addresses prior to country code” and all those IPs were blocked. All the “Result” values in the “Logs” indicate that they were blocked, except “passed”. So don’t worry.

    Well, every day I get several hundred malicious requests on my site, the same as you. So I can understand your feelings when you found out what is going on in the back-end. But you don’t need to be too anxious about these. I think

    1. Make your password strong
    2. Make everything up-to-date
    3. Backup your site regularly
    4. Check integrity of your site regularly

    are the basics for security. And applying some kind of firewall like this plugin is the last step to reduce the risk of hacking.

    Good luck.
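
An added example, not part of the thread and not the plugin's own code: the distinction drawn in the replies above between pingback.ping and credential-bearing calls such as wp.getAuthors and wp.getUsersBlogs, applied to logged XML-RPC request bodies. The record layout, IP addresses and function names are constructed for illustration, and treating every wp.* method as a login attempt is an assumption based on the reply above.

```python
import re
from collections import Counter

# Regex instead of an XML parser: logged bodies may be truncated, and
# attacker-supplied XML should not be parsed just to read one tag.
METHOD_RE = re.compile(r"<methodName>\s*([\w.]+)")
STRING_RE = re.compile(r"(<string>).*?(</string>)", re.S)

def classify(body):
    """Return 'pingback', 'login' (credential-bearing wp.* call) or 'other'."""
    m = METHOD_RE.search(body)
    if not m:
        return "other"
    method = m.group(1)
    if method == "pingback.ping":
        return "pingback"
    if method.startswith("wp."):  # assumption: every wp.* call carries credentials
        return "login"
    return "other"

def redact(body):
    """Mask string parameters so logged user names and passwords are not copied around."""
    return STRING_RE.sub(r"\1***\2", body)

def login_attempts_by_ip(records):
    """Count credential-bearing XML-RPC calls per source IP."""
    counts = Counter()
    for ip, body in records:
        if classify(body) == "login":
            counts[ip] += 1
    return counts

def call(method, *params):
    """Build a constructed XML-RPC request body for the sample data."""
    ps = "".join(f"<param><value><string>{p}</string></value></param>" for p in params)
    return (f'<?xml version="1.0"?><methodCall><methodName>{method}</methodName>'
            f"<params>{ps}</params></methodCall>")

# Constructed sample records (documentation IP ranges, made-up values).
SAMPLE = [
    ("203.0.113.7", call("wp.getUsersBlogs", "admin", "123456")),
    ("203.0.113.7", call("wp.getUsersBlogs", "admin", "letmein")),
    ("203.0.113.7", call("wp.getAuthors", "1", "admin", "qwerty")),
    ("198.51.100.20", call("pingback.ping", "http://a.example/post", "http://b.example/p1")),
    ("192.0.2.55", "<methodCall><methodName>wp.getUsers</methodNa"),  # truncated entry
]

if __name__ == "__main__":
    for ip, n in login_attempts_by_ip(SAMPLE).most_common():
        print(ip, n)
    print(redact(SAMPLE[0][1]))
```
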

    Plugin Author tokkonopapa

    (@tokkonopapa)

    I must say thanks to all of the people who cooperated in testing the beta version!

  • The topic ‘Call for testing 3.0.0 beta – Blocking on front-end’ is closed to new replies.