markartisan
Forum Replies Created
Hey @fscbmwcca
The software is a little clumsy in how it generates its messages, but as long as you have set the time period for the lockout to “permanently”, it stays that way until you change it.
You need to add these IP addresses to your “banned users” list. I have over 3,000 in my list which I share on https://artisanfoodmarketing.ie/banned-users/
Hope that helps.
Hey @ouiouiphoto
I have had the exact same problem (with the free version of iThemes Security) and it happens when I update the “banned users” list.
I found that by restarting the plug-in when you have updated the “banned users” list from the plugins menu (deactivate and then quickly reactivate) your site remains viewable.
I complained to the iThemes support team but I didn’t have any success.
Good morning John,
The software does this, sort of. If a hacker is particularly persistent the software will permanently block that hacker’s published IP; the problem is that sometimes that IP address is spoofed (their real IP is hidden and they masquerade under a false identity).
Best practice is to use an admin user account that can’t be easily guessed and to make sure you whitelist your IP addresses at home/work where you administer your account and have a fall back admin account set up. Also, have you implemented 2 factor authentication? I think it reduces the number of invalid login attempts.
@tjf85 – One last thought, have you installed 2 factor authentication such as Google Authenticator? I have noticed the volume of hacking attempts on my sites over the last few weeks has fallen significantly since implementing it.
Hey @tjf85,
You need to scale your “banned users” list – I have over 2900 consolidated IP address ranges in mine – here it is
https://artisanfoodmarketing.ie/banned-users/
You also need to scale your “banned user agents” list which you’ll find on this page as well.
I hope this helps
Hey @82-eridani
Yes, you can delete the WP-Better Security folder and that gets rid of the plugin, but just before you do that, try restarting the plugin from your “installed plugins” list, iThemes needs to be rebooted especially after updating the banned users list.
Also, remember to whitelist your own IP address.
Hope that helps
Hey @sandhyaycc
To restore access to the Google crawler across your sites, remove the following IP addresses from your banned users list:
66.249.64.0/24
66.249.65.0/24
66.249.66.0/24
66.249.67.0/24
Have you registered your sitemaps for your respective sites on your Google search console/webmaster account?
I just checked my own settings in Security > Settings > System Tweaks > Directory Browsing and I have it switched off as well, so something else in your environment might be causing your problem
Hey @conorfi How’s it going?
I just installed the ScreamingFrog SEO tool and ran it against one of my sites and couldn’t replicate your problem, so three suggestions for you;
1 – Restart iThemes Security from the installed plugins page by DEACTIVATE and then as soon as your screen refreshes ACTIVATE. I’ve found that updating your banned users lists with a large block list makes your site unusable for some reason – the restart on the plugin is a bit of a dirty fix, but it works.
2 – FTP to your blogs directory and check to make sure that the directory itself hasn’t been set to hidden
3 – Consider switching off “prevent browsing of directories” and beef up your “banned users” list and install Disable REST API and Disable XML-RPC plugins to keep the bad guys out
Hey @flemmo
Fair play to you, that’s an elegant solution to a complex problem, well done sir
Looks like someone has guessed one of your usernames so. I’d suggest installing 2 factor authentication such as Rublon or Google Authenticator
Hey @jgjh151
Is there any possibility that you still have a user called “admin” or other such common user name still active in your users table?
If iThemes throws up an error about IP ranges that are “whitelisted” but you haven’t whitelisted them – don’t panic
iThemes would appear to use Amazon AWS for some of its processes so just let me know what IP addresses are flagged and I’ll adjust the solution accordingly for you
Hi @flemmo
It would look something like this;
[Large text excerpt removed by moderator per forum rules. Please use Pastebin or a Gist for all large code/text excerpts.]
Text block here: https://pastebin.com/VCTewZkV
Try that and let me know how you get on
- This reply was modified 7 years, 10 months ago by bdbrown.
Hey @flemmo
Yes, you could achieve this by listing every /8 IP address block in the “banned users” list starting at 1.0.0.0/8 through to 255.0.0.0/8 breaking out the ranges in your whitelist (iThemes Security doesn’t allow IP addresses that are whitelisted to co-exist as “banned users”)
You could use https://jodies.de/ipcalc as a tool to calculate the CIDR notation you’ll need.
Hope that helps
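The approach described in the last reply above (ban every /8 from 1.0.0.0/8 to 255.0.0.0/8 with the whitelisted ranges broken out), as an added Python example that is not part of the original post. The whitelist entries are constructed documentation addresses and the function names are hypothetical.

```python
import ipaddress

def ban_list_excluding(whitelist, first_octets=range(1, 256)):
    """CIDR blocks covering 1.0.0.0/8 .. 255.0.0.0/8 minus the whitelist."""
    allowed = list(ipaddress.collapse_addresses(
        ipaddress.ip_network(w, strict=False) for w in whitelist))
    banned = []
    for octet in first_octets:
        blocks = [ipaddress.ip_network(f"{octet}.0.0.0/8")]
        for allow in allowed:
            remaining = []
            for block in blocks:
                if allow.supernet_of(block):
                    continue                      # block is fully whitelisted
                if block.supernet_of(allow):
                    # Split the block into the pieces that surround the
                    # whitelisted range, so the two lists never overlap.
                    remaining.extend(block.address_exclude(allow))
                else:
                    remaining.append(block)       # disjoint, keep as-is
            blocks = remaining
        banned.extend(blocks)
    return sorted(banned)

def is_banned(ip, banned):
    """True if the address falls inside any block of the ban list."""
    addr = ipaddress.ip_address(ip)
    return any(addr in block for block in banned)

def overlaps(banned, whitelist):
    """Ban/whitelist pairs that overlap (should be empty before pasting)."""
    allowed = [ipaddress.ip_network(w, strict=False) for w in whitelist]
    return [(b, a) for b in banned for a in allowed if b.overlaps(a)]

# Constructed sample whitelist: an office /24 and a single home address.
SAMPLE_WHITELIST = ["203.0.113.0/24", "198.51.100.25"]

if __name__ == "__main__":
    ban = ban_list_excluding(SAMPLE_WHITELIST)
    assert not overlaps(ban, SAMPLE_WHITELIST)
    # One CIDR per line, ready to paste into a "banned users" style list.
    print("\n".join(str(block) for block in ban))
```

Run `overlaps()` against any existing ban list before saving it; the same check catches ranges you meant to leave reachable, such as your own admin addresses.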