Constantly being locked out of my own site – again!

  • Resolved GraceyS

    (@graceys)


    8 years, 10 months ago

    The firewall is constantly locking me out of even “viewing” my own site. I’m not trying to login even, just viewing it publicly on the web and I get this notice:

    “You have been blacklisted by the wordpress firewall security plugin”. You have tripped the firewall security defenses a total of 2 times. If you believe this to be in error … blah, blah, blah”

    So, the thing is … this was my FIRST visit to my website’s homepage (www.free-3d-textures.com) today. And I wasn’t trying to login, just view the home page.

    I was there because this has happened 3 times in the last week. And it isn’t just happening for me. When I look at my site visitor stats, they’re way down on the days when this happens to me, so it’s happening for others.

    I have posted about this issue previously, and Paul was asking for some additional information, like screenshots. Which I have now. This is what I see:

    Screenshot

    My own IP address is whitelisted, I am the only user (no other signups or logins allowed); my IP address doesn’t appear in the blacklist. I’m not logging in (and am not already logged in – just a public visitor) – you can see in the screenshot, the address bar is just my homepage URL.

    I am accessing it from the same room and the same computer as always (same IP address all the time as well).

    I am using cloudflare, but cloudflare IPs are also whitelisted in the firewall, and my own IP is whitelisted on cloudflare. But I don’t think it’s cloudflare because the same thing happens with cloudflare on, or cloudflare disconnected.

    I have turned off one, or both of the caching plugins as a test, and that doesn’t seem to make any difference either.

    I’ve deactivated and/or deleted various other plugins (this is the only security plugin I use) to see if there is some sort of incompatibility, but that hasn’t helped stop this either.

    When I see this notice (above), I login to my hosting (and I can even login to my wp backend, so yeah, I don’t think I’m blacklisted), upload the forceoff file to the firewall plugin folder, clear the cache, and then try to load my site. It loads.

    Then I delete the forceoff file, re-clear the cache and try to visit my again. And it loads fine.

    I don’t know what’s causing this. I don’t know what else to try to fix it.

    The only thing that is odd in my wordpress dashboard when this happens – there is always one or more plugins that require an update. Not even the firewall plugin. This morning, it was the EU Cookie plugin that needed updated.

    The last time I logged in because of this same notice it was the cloudflare plugin, and a deactivated plugin (image widget) that needed update.

    The previous time, it was the firewall plugin and the Foo Gallery plugin.

    It’s the only thing that’s the same each time this lockout has happened, but I can’t see how other plugins needed updating would lock me out.

    Very confused about what to try next. I’m heading away for a month, and I’m concerned that I won’t even be able to login to fix it if it happens again.

    https://www.ads-software.com/plugins/wp-simple-firewall/

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Author Paul

    (@paultgoodchild)

    Okay, the first thing you need to do is change your lockdown time to 1 minute. This means if you’re locked out, it’ll be very temporary.

    Then, you need to look at the Audit Trail log and find out what’s being triggered in the plugin causing the automatic black list trangressions.

    Once you have an indicator as to what’s happening, then we can move forward.

    If we can’t solve it before you leave, then you should disable the IP Manager system.

    Thread Starter GraceyS

    (@graceys)

    Hi Paul – thanks for the response. I think maybe “locked out” isn’t quite the right term, but I don’t know what else to call it.

    My being locked out doesn’t affect my being able to login to wordpress account and dashboard.

    It only involves me not being able to see my site, which is what the weird part is.

    I am NOT locked out of being able to login. I can still login to my site’s backend.

    I am just not being presented with a visible webpage. It’s just like if you were to visit my site at the url, you get my web page. When this problem occurs, I am not given my web page, but the screenshot I shared with you.

    If it were locking me out due to an IP address issue, then wouldn’t I be unable totally to login to my account?

    This is what doesn’t make sense.

    I’ve taken several screenshots from the plugin settings and uploaded them to this folder. There is the audit trail – the long one is the login attempts, the other short one shows several blacklisted IPs where the connection was killed (I only uploaded part of that list as the balance are just search engines). Along with a couple of others in case you needed to see them.

    There is one IP address on the audit trail which seems to make repeated attempts to login – what I don’t understand is why there are so many of them, all at the same time, when I have the attempts limited to a short time frame and a very short number before they are blacklisted.

    My own IP address appears on none of the lists, except the whitelist, which probably isn’t necessary since the plugin has a notice at the top of the page that my IP is whitelisted automatically, and it displays the correct IP address.

    I’ve also disabled the section on the firewall plugin that monitors plugin changes to see if that will stop it.

    It’s entirely possible that I could have some setting wrong, but many of the settings are sort of set at the default level. There is one setting that I just get an error for – “IP Lists Management” (the manage whitelist or manage blacklist one with the two buttons at the bottom of the page). If I click the manage button for either, I just get an error notice with a blank page.

    Do you know if I am the only on whose experienced this? If so, it seems as though it’s sort of exclusive to me somehow – my browser settings, my plugin settings or … perhaps the fact that my wp version isn’t updated (there’s a reason I can’t update it).

    The plugin has been something of a lifesaver, which is why I don’t want to delete it because of this.

    I installed a different security plugin on my other site, but I don’t find it as good as this. I want to use it on both sites, but not until I figure out what I’m doing wrong.

    Plugin Author Paul

    (@paultgoodchild)

    Hi,

    Sorry for the delay in getting back to you. I’m still not entirely sure what might be going wrong in your case, but I believe that I found a small bug that might relate to your situation while working on another problem.

    We will release an update tomorrow, v4.16.2 which may fix your problem. I hope.

    A couple of things:
    – Where you have put your IP address on a whitelist, this is not where to white list your IP address. You do this in the IP Manager section.
    – If clicking on the buttons for the IP manager gives you errors, could you ensure that the main option in that section is turned on? That’s the only reason I can think of as to why you get those errors. This came to light in another thread last week. The new update will fix this problem by not showing the buttons when the section isn’t enabled. This is possibly also due to the ForceOff file being in place. It’s a bit of a catch-22 until I can figure out a way to resolve this. See the next point…
    – while working with this problem, please reduce your black list timeout to 1 minute. This means if you are locked out, you are only restricted for 1 minute. Then you can get back into your working WordPress admin without needing the forceoff system in place and being unable to edit your black list to remove your IP.

    I hope all that helps…

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Constantly being locked out of my own site – again!’ is closed to new replies.