cPanel IP Address Deny Manager – IP addresses deleted by cPanel IP Address Deny Manager


Viewing 12 posts - 1 through 12 (of 12 total)
    #24646
    Connie S Owens
    Participant

    I was told by my hosting company that the reason my IP address deny manager was wiped out was because of the changes this plugin made to my htaccess.  Does not make sense, so I am seeking some information.  I have blocked nearly a hundred IP addresses from my domains using the IP address deny manager in my cPanel for two of my sites.  The third one is unaffected.  Can you explain please?  Once they reset my htaccess, they were able to recover some of the IPs that were blocked.

    EDIT:  That answer is not what I asked about.  cPanel is not a part of WordPress.  I am asking how the plugin can affect something that is not a part of WordPress.  IP address deny manager is a part of cPanel, not WordPress.

    Thank you.
    C

    #24650
    AITpro Admin
    Keymaster

    BPS does not have the capability to affect cPanel or any of the cPanel tools like the cPanel IP Address Deny Manager.  This sounds like a problem that occurred in older versions of cPanel.  Newer versions of cPanel have fixed all their cPanel tools so they do not cause problems like deleting/overwriting saved IP addresses or other saved information.

    Here is what happens technically:  The cPanel IP Address Deny Manager tool looks at your root htaccess file code and if it finds what it thinks is code that it should use in the cPanel IP Address Deny Manager tool then the cPanel tool tries to automatically figure out what to do with your root htaccess file code to create new code in the cPanel IP Address Deny Manager.  Usually either all of your cPanel saved code (IP addresses, etc) is deleted/overwritten or your website crashes due to malformed/bad code.  I have never seen a cPanel tool get this right before so I do not know if the cPanel tools ever worked correctly to begin with.  Like I mentioned above – all of the cPanel tools have been fixed in the newest versions of cPanel and no longer cause these types of problems anymore.

    #24654
    Connie S Owens
    Participant

    Thank you.  I did not think it had to do with plugins in WordPress.  Even with my limited knowledge it did not make sense.  I will bug them about updating, since I do not have that level of control.  I did think it odd that those two sites were the ones affected; the site where I have not used this plugin has not been affected.

    Another thing I noticed in the security log is my IP address continues to show up as blocked as a hacker, every time I visit one of my pages. Yet I am not blocked from my site.  Just attempting to gain an understanding.

    Thank you and ignore my second response, I assumed the Reply to post I see was an answer to my initial question.

    #24656
    AITpro Admin
    Keymaster

    Post one of the Security Log entries that you are talking about so I can take a look at it.

    #24657
    Connie S Owens
    Participant

    Well, did not think of saving it, deleted it, but this is a sample without my IP:

    [403 GET / HEAD Request: August 26, 2015 – 2:40 pm]
    Event Code: BFHS – Blocked/Forbidden Hacker or Spammer
    Solution: N/A – Hacker/Spammer Blocked/Forbidden

    Then the rest of the info.

    I checked the IP because it was familiar, to make sure it was mine, at least the one assigned to me, but when I write this they do not provide individual IPs, do they?  Crap, there is still so much more for me to understand.  Argh.

    #24658
    AITpro Admin
    Keymaster

    “Then the rest of the info”  is what I would need to see to be able to tell you anything.  If you see another Security Log entry at a later date then you can post it so I can tell you what it means.

    #24659
    Connie S Owens
    Participant

    Created another entry by viewing the pages on my site:

    [403 GET / HEAD Request: August 28, 2015 - 3:04 pm]
    Event Code: BFHS - Blocked/Forbidden Hacker or Spammer
    Solution: N/A - Hacker/Spammer Blocked/Forbidden
    REMOTE_ADDR: 72.173.186.11
    Host Name: 72.173.186.11
    SERVER_PROTOCOL: HTTP/1.1
    HTTP_CLIENT_IP:
    HTTP_FORWARDED:
    HTTP_X_FORWARDED_FOR:
    HTTP_X_CLUSTER_CLIENT_IP:
    REQUEST_METHOD: GET
    HTTP_REFERER:
    REQUEST_URI: /wp-login.php?redirect_to=http%3A%2F%2Fofficewife.biz%2Fwp-admin%2Fadmin.php%3Fpage%3Dbulletproof-security%252Fadmin%252Fsecurity-log%252Fsecurity-log.php&reauth=1
    QUERY_STRING:
    HTTP_USER_AGENT: Mozilla/5.0 (X11; Linux x86_64; rv:10.0) Gecko/20150101 Firefox/20.0 (Chrome)

    I just got this: Solution: N/A – Hacker/Spammer Blocked/Forbidden. So this means nothing was done?  But if the N/A is removed then it is blocked? I gotta quit, my head is on overwhelm trying to understand all this.  Problem is I have to secure client sites as well.  So this is important to me to decide if this is going to work for them or not.  My two sites are the test pilots because they are bombarded several times at certain intervals in the day.

    #24661
    AITpro Admin
    Keymaster

    That Request URI is very strange and is not normal.  I have no idea why you would be seeing this additional portion of the URI: admin.php%3Fpage%3Dbulletproof-security%252Fadmin%252Fsecurity-log%252Fsecurity-log.php. I have never seen this before. Logical guesses would be something is caching the backend or frontend of your website incorrectly, you have additional custom htaccess code in your root htaccess file that is forcing an unusual redirect, you have invalid/incorrect htaccess code in your root htaccess file, something in cPanel is breaking things on your website.  I think maybe you would be better off using a simple WordPress security plugin like Wordfence.  Wordfence is not as secure as BPS, but it at least offers some website security protection – better than nothing.  Wordfence does not use htaccess code and there are obviously odd problems occurring on your website/server with cPanel and htaccess code or something else you have installed on your site and htaccess code.

    The %2F is an encoded forward slash (/) while the %252F is a double-encoded forward slash. This happens because, when using the rewrite module, Apache first encodes the forward slash characters and then encodes them one more time by default. As a result the browser refers to a directory on the Apache server that does not exist, as directory paths are separated by ‘/’ characters in the file system instead of ‘%2F’ characters, aren’t they?
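
Added example (not part of the original thread or of BPS): a short Python script that parses the Security Log entry posted above and peels the percent-encoding of its REQUEST_URI one layer at a time, showing where %2F and %252F sit. The function names are illustrative; the log fields are copied from the entry in this thread.

```python
from urllib.parse import urlsplit, parse_qs, unquote

# Fields copied from the Security Log entry posted in this thread.
LOG_ENTRY = """\
[403 GET / HEAD Request: August 28, 2015 - 3:04 pm]
Event Code: BFHS - Blocked/Forbidden Hacker or Spammer
REMOTE_ADDR: 72.173.186.11
REQUEST_METHOD: GET
REQUEST_URI: /wp-login.php?redirect_to=http%3A%2F%2Fofficewife.biz%2Fwp-admin%2Fadmin.php%3Fpage%3Dbulletproof-security%252Fadmin%252Fsecurity-log%252Fsecurity-log.php&reauth=1
"""

def parse_entry(text):
    """Split the 'KEY: value' lines of one log entry into a dict."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(": ")
        if sep and not line.startswith("["):  # skip the bracketed header line
            fields[key.strip()] = value.strip()
    return fields

def decode_layers(value, max_rounds=5):
    """Percent-decode repeatedly until the value stops changing.

    Returns every intermediate form, so nested encoding is visible.
    """
    layers = [value]
    for _ in range(max_rounds):
        decoded = unquote(layers[-1])
        if decoded == layers[-1]:
            break
        layers.append(decoded)
    return layers

def analyse(uri):
    """Return the request path and, per query parameter, its decoding layers."""
    parts = urlsplit(uri)
    params = parse_qs(parts.query)  # parse_qs itself removes the first layer
    return {
        "path": parts.path,
        "params": {name: decode_layers(vals[0]) for name, vals in params.items()},
    }

if __name__ == "__main__":
    report = analyse(parse_entry(LOG_ENTRY)["REQUEST_URI"])
    print("path:", report["path"])
    for name, layers in report["params"].items():
        for depth, layer in enumerate(layers, start=1):
            print(f"{name} (after {depth} decode(s)): {layer}")
```

After one decode the redirect_to value is a full URL whose page parameter still contains %2F; a second decode turns those into plain slashes.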

    #24664
    Connie S Owens
    Participant

    Thank you, will investigate further.  Maybe go back to the All in One WP Security I was using before.  Thank you for your time.

    #24665
    AITpro Admin
    Keymaster

    All in one wp security also uses htaccess code so you will probably run into some problems as well.  Also all in one security is created by experienced php coders:  “This plugin is designed and written by experts and is easy to use and understand.”, but what is missing from that statement is this:  …written by website security experts… 😉  I believe whatever is causing the problem is either at the cPanel or server level or something else you have installed on your site or a problem with some additional code added in the BPS root htaccess file that is not standard BPS htaccess code or maybe the BPS root htaccess file code has been changed/modified from the original standard BPS code.

    You can see if creating new BPS htaccess files fixes the problem by doing the steps below.  Worth a try.  It is possible that what you stated originally “Once they reset my htaccess” means that your host support folks botched things.  Not sure what “reset” means, but at bare minimum to me it means they changed the standard BPS root htaccess file/code.

    B-Core htaccess Files Setup Steps
    1. Click the Root Folder BulletProof Mode Activate button.
    2. Click the wp-admin Folder BulletProof Mode Activate button.

    #24670
    Connie S Owens
    Participant

    I will do this again.  I know the techs at my host restored a previous version of htaccess and recovered some of the denied IPs, but the code was written like this before that from the beginning.  Just update my WP to the latest version.  Not using other security plugins, the other plugin I have is Skt NURCaptcha, not sure if that would affect it.  Otherwise…  Just wanted to learn how to read the log, if hackers are being blocked.

    Thank you.

    #24671
    AITpro Admin
    Keymaster

    BPS comes with pre-made root and wp-admin htaccess files.  So if you are not using those BPS htaccess files and the code is different in the restored htaccess file then it is very likely the cause of why this odd problem occurred. BPS is designed to work with BPS htaccess files, but you can also create your own custom htaccess files and code.  You just need to make sure your custom htaccess code/files are good/valid.
