I added a bunch of IP addresses to the block list in Cloudron a few days ago. However, I noticed one of my client sites is still seeing a bunch of spam user account registrations, and when I checked the IP address in the logs, it matches one that's already on the block list.
IP address: 46.161.15.14
It's on the network block list from a few days ago. I double-checked it today after checking the WordPress app logs. The WordPress app logs show this:
2023-12-02T04:39:12.000Z 46.161.15.14 - - [02/Dec/2023:04:39:11 +0000] "GET /wp-login.php?action=register HTTP/1.1" 302 - "https://{domain}/wp-login.php?action=register" "Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/38.0.2125.111 Safari/537.36"
2023-12-02T04:39:13.000Z 46.161.15.14 - - [02/Dec/2023:04:39:13 +0000] "GET /wp-login.php?registration=disabled HTTP/1.1" 200 8357 "https://{domain}/wp-login.php?action=register" "Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/38.0.2125.111 Safari/537.36"
2023-12-02T04:43:01.000Z 46.161.15.14 - - [02/Dec/2023:04:43:00 +0000] "GET /wp-login.php?action=register HTTP/1.1" 302 - "https://{domain}/wp-login.php?action=register" "Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/38.0.2125.111 Safari/537.36"
2023-12-02T04:43:02.000Z 46.161.15.14 - - [02/Dec/2023:04:43:01 +0000] "GET /wp-login.php?registration=disabled HTTP/1.1" 200 8357 "https://{domain}/wp-login.php?action=register" "Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/38.0.2125.111 Safari/537.36"
How is this possible? Have I misunderstood how the network IP block list works? Or is it a defect/bug inside of Cloudron?
To be fair, even though it shows up on the network block list, maybe it's related to the issue I reported earlier the other day when adding a bunch of them?