Blocked IP addresses in Cloudron but still able to access WordPress sites
-
I recently added a bunch of IP addresses to the block list in Cloudron a few days ago; however, I noticed one of my client sites is still seeing a bunch of spam user account registrations, and when I checked the IP address in the logs, it matches one that's already on the block list.
IP address: 46.161.15.14
It's on the network block list from a few days ago. I double-checked it today after checking the WordPress app logs. The WordPress app logs show this:
2023-12-02T04:39:12.000Z 46.161.15.14 - - [02/Dec/2023:04:39:11 +0000] "GET /wp-login.php?action=register HTTP/1.1" 302 - "https://{domain}/wp-login.php?action=register" "Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/38.0.2125.111 Safari/537.36"
2023-12-02T04:39:13.000Z 46.161.15.14 - - [02/Dec/2023:04:39:13 +0000] "GET /wp-login.php?registration=disabled HTTP/1.1" 200 8357 "https://{domain}/wp-login.php?action=register" "Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/38.0.2125.111 Safari/537.36"
2023-12-02T04:43:01.000Z 46.161.15.14 - - [02/Dec/2023:04:43:00 +0000] "GET /wp-login.php?action=register HTTP/1.1" 302 - "https://{domain}/wp-login.php?action=register" "Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/38.0.2125.111 Safari/537.36"
2023-12-02T04:43:02.000Z 46.161.15.14 - - [02/Dec/2023:04:43:01 +0000] "GET /wp-login.php?registration=disabled HTTP/1.1" 200 8357 "https://{domain}/wp-login.php?action=register" "Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/38.0.2125.111 Safari/537.36"
How is this possible? Have I misunderstood how the network IP block list works? Or is it a defect/bug inside of Cloudron?
To be fair, even though it shows up on the network block list, maybe it's related to the issue I reported earlier the other day when adding a bunch of them?
-
-
@girish said in Blocked IP addresses in Cloudron but still able to access WordPress sites:
@d19dotca I think the network block list never completely applied because of the size of the ipset. That's most likely the root cause.
I know that this feature was likely originally intended to be a manual update rather than importing a giant list and works well for that, but as threats/spam become more commonplace, I think we’ll need Cloudron to keep up. Is it possible to prioritize improving this feature soon for us to allow thousands of IP addresses being added?
@robi said in Blocked IP addresses in Cloudron but still able to access WordPress sites:
Perhaps move those to the top of the list to see the logs stop showing them.
That’s a good idea, I’ll test that out. Thanks Robi.
-
@d19dotca said in Blocked IP addresses in Cloudron but still able to access WordPress sites:
I know that this feature was likely originally intended to be a manual update rather than importing a giant list and works well for that, but as threats/spam become more commonplace, I think we’ll need Cloudron to keep up. Is it possible to prioritize improving this feature soon for us to allow thousands of IP addresses being added?
Fully agree! A strong network filter / block would be another USP
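-
The check from the first post (looking up a logged client IP against the block list) can be automated; the following is an added example, not part of the original thread or Cloudron's own code. It assumes the block list is exported as one IP or CIDR per line with `#` comments, and the sample list and log lines are constructed. Any hit means the request reached the app even though the address is listed, which is what you would see if the ipset was never fully applied.

```python
import ipaddress
import re
from collections import Counter

# Constructed block list; assumed format: one IP or CIDR per line, '#' starts a comment.
BLOCKLIST = """\
# constructed sample entries
46.161.15.14
203.0.113.0/24
"""

# Constructed log lines in the shape shown in the first post (referrer and UA shortened).
LOG = """\
2023-12-02T04:39:12.000Z 46.161.15.14 - - [02/Dec/2023:04:39:11 +0000] "GET /wp-login.php?action=register HTTP/1.1" 302 - "-" "Mozilla/5.0"
2023-12-02T04:39:13.000Z 46.161.15.14 - - [02/Dec/2023:04:39:13 +0000] "GET /wp-login.php?registration=disabled HTTP/1.1" 200 8357 "-" "Mozilla/5.0"
2023-12-02T04:40:00.000Z 203.0.113.7 - - [02/Dec/2023:04:40:00 +0000] "GET /wp-login.php?action=register HTTP/1.1" 302 - "-" "Mozilla/5.0"
2023-12-02T04:41:00.000Z 198.51.100.9 - - [02/Dec/2023:04:41:00 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
2023-12-02T04:41:05.000Z => Healthcheck line without a client address
"""

# Optional ISO timestamp prefix, then a combined-log-format record.
LINE_RE = re.compile(
    r'^(?:\S+Z\s+)?(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)

def parse_blocklist(text):
    """Return the list entries as ip_network objects, skipping blanks and comments."""
    nets = []
    for raw in text.splitlines():
        entry = raw.split("#", 1)[0].strip()
        if entry:
            nets.append(ipaddress.ip_network(entry, strict=False))
    return nets

def leaked_requests(log_text, nets):
    """Count requests per client IP that appear in the app log despite being listed."""
    hits = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not an access-log record
        try:
            ip = ipaddress.ip_address(m["ip"])
        except ValueError:
            continue  # client field is not an IP address
        if any(ip.version == n.version and ip in n for n in nets):
            hits[str(ip)] += 1
    return hits

if __name__ == "__main__":
    for ip, count in leaked_requests(LOG, parse_blocklist(BLOCKLIST)).most_common():
        print(f"{ip}: {count} request(s) reached the app while on the block list")
```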