Iridium Intelligence
Forum Replies Created
-
Forum: Plugins
In reply to: [bad_ip WP] Link to IP Analyzer?Hi again Alfred,
As public service you mentioned is of good quality and wide with information they provide, new version of plugin implements linking to them in Reports table on main plugin page.
Thanks again for your productive comments
Regards
Forum: Plugins
In reply to: [bad_ip WP] Whitelist BlaclistHey Alfred,
At first I actually did not fully understand your remark, and thought you were having problems while updating lists itself, not plugin, but anyway, new version have just been released and handling of all manual white and black listing has been moved to database, so this kind of problems are solved.
Regards
Forum: Plugins
In reply to: [bad_ip WP] Link to IP Analyzer?Hi there Alfred,
As usual, with constructive comment. Yes, work is being done to implement gathering more information on backend side of bad_ip, and as soon as we push those changes, plugin will get more info about IP’s too
Thanks again
Regards
Forum: Plugins
In reply to: [bad_ip WP] Whitelist BlaclistHi Alfred,
Just went to confirm are there any bugs on plugin side and all the checks have passed.
As whitelist and blacklist are stored as serialized local files inside the plugin folder, it can be that you dont have writing permission that prevents you from storing the list files.
To solve this, next version we will implement storing this lists inside database
Regards
Forum: Plugins
In reply to: [bad_ip WP] Unlist IP not workingHi there Alfred,
Initially I thought there was problem with updates done on backend side of bad_ip and that backward compatibility failed, but I found there actually was error on plugin side and that there was equal sign missing in request parameter..
Thank you for noticing this.
I’ve just released new version of plugin with work being done on bad query checking against bad_ip public database, and patched the unlist request formatting. If problem continue after update, make sure to clean page cache.
Did redesign bad_ip unlist page too, to better present information about unlist status in case when IP is not in database anymore.
I’ll add that there is scenario when you have blocked IP, then someone else issued unlist request and removed that IP from bad_ip database, but you will still have that IP in your report, so in that case if you send request to unlist that IP, you will get message with Status: No IP found for the unlist request
Thanks again for your productive comments
Regards
Forum: Plugins
In reply to: [bad_ip WP] Why is this a bad qyery?Hi there Alfred,
Just to notify you that we just released new version (v1.0.5) with new option to manually white list detected bad queries.
On main page under Bad Queries report, you will notice icon button to add or remove detected query / link to list and exclude it from future detection.
Hope that this is help you needed in scenario like you reported here
Regards
Forum: Plugins
In reply to: [bad_ip WP] Why is this a bad qyery?Indeed, crawling should be done based on visible links on entry/main page of the site and go deeper and deeper by following the links on crawled pages and by sitemap and robots files if they exist.
So there is possibility that you have that broken link somewhere on some of your pages or that fault in scanning comes from crawler bot side, where they use some old historical/cached data or have “aggressive” mechanisms in scanning manually targeting url’s by increasing values of parameters used in page queries.
This scenario for sure pointed to us that we need a way to handle broken links from plugin’s side, and we will work on that solution in next versions.
Thanks again for your functional interactions
P.S. In versions 1.0.1 and 1.0.2 we implemented additional function that did automatic table updating for settings of the plugin as we introduced new fields in settings, but as number of installs is still low, and we want our plugin to have as less “extra” functions as possible, thinking everybody already updated, we removed that function in version 1.0.3, so it is possible that you had problem with missing field in settings table that gets fixed by deactivating and activating plugin. We’ll work on reintroducing that “upgrader function” with next release.
Forum: Plugins
In reply to: [bad_ip WP] Why is this a bad qyery?Hi there Alfred,
I’ve just looked into that incident reported as a bad query, and I concluded it’s generally passing one of plugins’s detection mechanism and that is that every link that leads to 404 (page not found) with any appended parameters will get reported.
So in this case url on your website
/en/mijn-fotos-in-een-galerij?page=6with parameterpage=6dont exist, have param in it and its treated as bad_query by plugin.We have large database of known bad queries used for exploits, but to be able to get new findings we cannot allow plugin to track only known, but must allow reporting of new too.
When this situations happens best thing would be to make sure reported page/link that doesnt exist get fixed and that you send request for unlisting IP that created that “incident”.
We are planning to introduce new settings that will allow user to set level of “sensitivity” and possibly skip bad query if not already confirmed in public database.
Thanks again for your interactions and helping to achieve better quality plugin
Regards
P.S. On the subject of your previous topic with crawler bots, when I checked this last query you reported in this topic, I noticed that same site reported google bots again, so just to make sure, in your plugin settings page set “Web Crawlers” button to “green state”, green means its ON, red color state means its OFF, I just noticed it could use some status text showing current status next to it and explaining that, will make sure to add it in next release.
Forum: Plugins
In reply to: [bad_ip WP] Locked out Google?Hi there Alfred,
We have just released new version of the plugin adding several segments, including switch checker for crawler bots and manual white and black lists under settings page and ability to check more info or send unlist request on IP from main plugin page inside “Denied Access” section.
Yes, there is a number of crawler bots addresses still inside our public database recorded as “offenders”. Most of them will be cleared as recorded incidents get manual review and prove as false positives. As you are probably aware, most of “bad actors” can easily set their user agent to look like known crawler bots, so we cannot implement global settings on our backend to allow them, but now we gave users a choice to allow them on their side and that will override all reporting and blocking mechanisms even if they are recorded in our database. Beside that, now when we working on revamping this project, we will appoint some of our SecOps personnel to manually review our public database on regular basis.
Again, thank you for getting attention to this matter.
Hope you will continue using bad_ip and that it will serve you well
Regards
Forum: Plugins
In reply to: [bad_ip WP] Locked out Google?Hi there Alfred,
Thank you for being one of early users, especially as one of the users that work on improving our plugin with your interactions.
We did confirm one of Google’s crawl bot addresses (66.249.66.86) as marked “offender” in bad_ip public database. Our plugin detected query
/weblog/page/9/?id=1&jsn_setmobile=yesthat resulted with 404 as bad query.As bad_ip work with global cloud database, IP’s are checked against whole bad_ip’s public database, and sometimes IP that you see in Reporting section wont be actually blocked. To remove the address you would have to visit https://bad-ip.info/, search for given IP, and if the address is there, you will have section saying “If you can confirm resolving of the problem that involved this IP in the incident(s), you can send request to our service for removal from the database” with button which will lead you to the form where you can request link for unlisting the IP from bad_ip database sent to your email.
We will always work to improve backend algorithms for detecting false positives.
Sections for manual adding of IP’s to be black or white listed will be released in next version. Link to automatically submit unlist request from your plugin page will be added in next version too.
This situation with Google implied to a new settings that will be implemented and will deal with crawl bots based on users choice.
We did unlist given IP as confirmed false positive and will try to deliver updated version of plugin as soon as possible.
Thank you again