• Resolved daviesda

    (@daviesda)


    Hi Paul,

    I’m using v 2.6.5.

    After turning on the detailed Firewall log for a few minutes I saw lots of suspicious activity from an IP address repeatedly making a POST request to a malformed login page URL (“/wp-login.phpwp-login.php”). So I blacklisted the IP. I confirmed that the IP address was indeed blacklisted by loading the Firewall config page. The IP appears in the ‘Blacklist IP Addresses’ box.

    However, if I turn off detailed Firewall log, requests from the blacklisted IP are not showing up in the Firewall log. I’ve clicked Clear/Fix Log.

    If I turn the detailed Firewall log back on to check that the suspicious activity is still happening, it is. The detailed Firewall log reports that the IP is blacklisted, confirmed by ‘[ IPWHOIS Lookup ] [ Remove From Firewall Blacklist ] [ Add To Firewall Whitelist ]’ but reports a result ‘After whitelist options were applied, there were no page parameters to check on this visit.’

    So is a blacklisted IP address actually blacklisted? I also assumed that requests from a blacklisted IP would appear in the regular Firewall log and not just the detailed log. Is that not the case?

    Cheers,

    David.

    https://www.ads-software.com/plugins/wp-simple-firewall/

Viewing 1 replies (of 1 total)
  • Plugin Author Paul

    (@paultgoodchild)

    Hi David,

    I think there is a misunderstanding here about the logging system – there aren’t 2 levels “regular”, “detailed”. I’ll review the plugin to see how blacklisted IP addresses appear in the log… I can’t remember since this was one of the early features I implemented in the plugin.

    As I mentioned in another post I’ll be rebuilding out the logging system to be more like an audit trail / log, but that’s a while away yet.

    You could test the blacklisting of IP addresses by blacklisting your own and then forcefully turning off the firewall using the hard switch (https://icontrolwp.freshdesk.com/support/articles/3000000959-i-m-locked-out-of-my-own).

    Let me know what you find if you do.
    Thanks,
    Paul.

  • The topic ‘Requests from blacklisted IP address not showing in Firewall log’ is closed to new replies.