zero-spam-for-wordpress icon indicating copy to clipboard operation
zero-spam-for-wordpress copied to clipboard

Published 20 hours ago verified publisher icon Highfivery

[BUG] IPs being blocked without apparent reason

Open inspiredearth opened this issue 1 year ago • 0 comments

I raised this issue here: https://github.com/Highfivery/zero-spam-for-wordpress/issues/321 In my opinion Ben you've closed that ticket prematurely.

I have submitted two follow-up messages on that ticket, but I suspect you won't see them since the ticket was closed. So I am reopening this new ticket, with my most recent comment (from today).

I have returned to this issue because today, after not accessing the site in question for at least a month (probably not since mid May, when the issue previously occurred), I have tried to access it and I am getting the message, "Your IP address has been blocked by WordPress Zero Spam due to detected spam/malicious activity." I have tried accessing it from a number of IPs (using a VPN) and I get the same message.

That seems very odd to me. If you disagree, would you please explain why it's expected and normal behaviour?

What suspicious activity could I have been doing on the site, when I've not visited it in over a month? What's more, as before (reported in #321 ) it's not just my IP address that's being blocked. You said it's configuration settings that are causing the block, yet it has an off-the-shelf configuration, and it's been working fine for a long time with that configuration. Yet now, as it did on May 17th, immediately after updating the plug-in, it is blocking multiple IP addresses from accessing the site. It is safe to say these these IPs are not involved in suspicious activity on my site.

Now that I've disabled it (via SSH), and accessed the site, I can see in the site stats that people have been accessing the site. So it's not blocking all IPs.

I've done another test via https://www.isitdownrightnow.com/best-mac-tips.com.html, and I can see they are reporting it's been down for at least the last 6 days. So presumably their IP is being blocked.

image

Error Logs

In the error logs I see the following recurring error: 2022-07-26 17:42:13::cURL error 28: Resolving timed out after 5532 milliseconds. That's occurred roughly every hour or so since 2022-06-21.

Prior to that, there will thousands of entries for 2021-11-30 00:14:06::{"code":104,"type":"usage_limit_reached","info":"Your monthly usage limit has been reached. Please upgrade your Subscription Plan."}. That started on 2021-11-29 (which I am guessing is when I installed Zero Spam, or when I updated it?), and that stopped occurring on 2022-05-17. Those were occurring a few times every minute. May 17 2022 is when I updated your plug-in, after which the IP blocking issue started to occur.

IP Block Logs

I have the IP block logging activated. Although it is not apparent where the logs are stored. Would you please point me in the right direction.

inspiredearth avatar Jul 26 '22 22:07 inspiredearth