Problems with Error 404 and lockout notifications

  • zorba256

    (@zorba256)


    5 years, 7 months ago

    I have large numbers of non-existent URL requests resulting in 404 errors and then lockouts. In most cases there are two problems in the log report that reflect the source database record itself for both the 404 and the lockout notification.

    Firstly the external host IP address that is recorded is that of that of my web server – not the correct external IP address, as shown in the web server access logs.

    I assume that this is an error in the plugin.

    Secondly the URL requested is truncated after 80 characters and an ellipsis (utf8 E28046) is appended to the end of the string.

    Is this due to my misconfiguration or also an issue with the plugin itself?

    I can supply details from my logs and database if this would help.

Viewing 4 replies - 1 through 4 (of 4 total)
  • nlpro

    (@nlpro)

    5 years, 7 months ago

    Is your site behind a proxy ? If so, Cloudflare ?

    What value is the Proxy Detection setting in the Global Settings module currently set to (default Automatic).

    To prevent any confusion, I’m not iThemes.

    • This reply was modified 5 years, 7 months ago by nlpro.
    Thread Starter zorba256

    (@zorba256)

    5 years, 7 months ago

    Humble apologies – completely missed this response.

    I have no proxy on this site and the setting in indeed still set at automatic.

    nlpro

    (@nlpro)

    5 years, 7 months ago

    No problemo;-)

    Is the (client) IP currently displayed underneath the select box correct ?

    If your site is not behind a proxy you could/should simply select the Disable value for the Proxy Detection setting. One major disadvantage of the (default) Automatic setting is that it can be abused by attackers to spoof their client IP address when your site is not behind a proxy.

    Note that any change in the Proxy Detection setting will immediately show you a resulting (client) IP address underneath the setting’s select box.

    If disabling the Proxy Detection setting still doesn’t help getting the proper client IP address, you could enable the Security Check Pro module (if not already). Note this module is only listed under All and/or Advanced modules.

    Enabling the Security Check Pro module will make a new select option available for the Proxy Detection setting named: Security Check Scan.

    It doesn’t really make sense to use this when there is no proxy, but it won’t hurt trying as a last resort.

    Let me know how it goes.

    Thread Starter zorba256

    (@zorba256)

    5 years, 7 months ago

    I now realise that strictly I should have said that the site isn’t using a Proxy server “as far as I know”. I’d forgotten that I had moved the site to a reseller’s web host who may conceivably made other arrangements in this respect.
    OK – the iThemes Global Settings did have the “Automatic” setting for Proxy but it did show my client IP address correctly. I changed this to Disabled anyway and it still shows the correct Client IP for me.
    I guess I now just have to wait until the next attack comes in and see if it detects the source IP address correctly and is then able to block that address (which is wasn’t able to do when the server IP was detected my mistake). If it doesn’t I’ll try the Security Scan Check.

Viewing 4 replies - 1 through 4 (of 4 total)

The topic ‘Problems with Error 404 and lockout notifications’ is closed to new replies.