wpsolutions

Hi @david2432

I have added site.ru to the blacklisted user agents previously but it still appeared in 404 logs

That didn’t work because you are trying to block the referrer but that feature is for “user agents”.
Currently there isn’t an inbuilt blocking mechanism for referrers.

For now you could add a rule manually as suggested by @kdh10.
In the meantime we will look at perhaps expanding the firewall rules to block based on “HTTP_REFERER”.

Hi
Thanks for the feedback.
I think you make a valid point.
We will look into this more and investigate the best way to address this.
I will keep you posted.

Hi @niunuli
That rule is coming from the advanced character string filter rules.
I recommend that you disable the advanced character string filter firewall rules.

I recommend that you should enable the 6G rules.
Having the 6G rules enabled is good enough since those rules have the most optimal firewall security coverage.

Hi Babette,
I’m a little confused. Can you please provide more information as to what the issue is you are seeing with the aiowps plugin?

Update: never-mind – I think I know what you are referring to.

• This reply was modified 6 years, 1 month ago by wpsolutions.

I think the problem is with how Linux x86_64 entered into the code – maybe the space there messes things up

Actually the space should not affect the correct operation of the blocking rules.
For example, I also tried entering the following in the settings:
Linux x86_64

The above appears as follows in my .htacces file:
RewriteCond %{HTTP_USER_AGENT} ^Linux\sx86_64 [NC]

The blocking still works as expected except this time blocking only occurs for visitors with user agent string which exactly matches “linux x86_64” (note: it is case insensitive).

Have you asked your host support people to see if they can help?
Have you also checked to see if some other .htaccess directives in your file might be conflicting with these rules?

Hi @mark8888
Do all of these bots have a user agent string which starts with the word “Linux”?
Could it be that the user agent strings which contains “Linux” all start with something different? Are you able to check what the exact user agent string is?

I tried a few tests on my site by simply entering “Linux” in the blacklist “user agents” section and I was able to block requests which had a user agent such as this one:
Linux x86_64

Hi @pswpuser,
IP addresses or other info stored on your system by this plugin is done purely for the security of your site.
Without such information, a large number of the features in this plugin would not work properly.
A lot of the info which is saved in the specific tables of this plugin is regularly deleted automatically using wpcron tasks. Basically only the newest 5000 rows are kept and the rest is deleted by default. The following tables are the ones I am referring to:
aiowps_events
aiowps_failed_loginsaiowps_login_activityaiowps_global_meta
You can use the following filters to override the number of rows kept from 5000 to something else:
$max_rows_event_table = apply_filters( ‘aiowps_max_rows_event_table’, $max_rows_event_table );
$max_rows_failed_logins_table = apply_filters( ‘aiowps_max_rows_failed_logins_table’, $max_rows_failed_logins_table );

$max_rows_login_activity_table = apply_filters( ‘aiowps_max_rows_login_attempts_table’, $max_rows_login_activity_table );

$max_rows_global_meta_table = apply_filters( ‘aiowps_max_rows_global_meta_table’, $max_rows_global_meta_table );

An example of code for using one of the filters above is: add_filter('aiowps_max_rows_failed_logins_table', 'modify_max_rows_failed_logins', 10, 1);function modify_max_rows_failed_logins($max_rows) { return 5; }
The above example will delete all the rows in the “aiowps_failed_logins” table except the newest 5. So if you wanted to delete all rows in that table you can replace 5 with 0.You can also follow the same logic for the other filters/tables – simply change the “aiowps_max_rows_failed_logins_table” to the filter name you want to use.
There are also 2 other tables which are not automatically pruned. These are:

aiowps_login_lockdown
aiowps_permanent_block

These tables are used to ensure that certain malicious IP address are blocked from the site. If you wish to delete the information in these tables you can do so either via the admin page or using PHPMyAdmin but as mentioned previously, your site will not be able to block those IP addresses if they are deleted.