#32641 DFIShield attack blocked website

Posted in ‘Admin Tools for WordPress’

Environment Information

WordPress version
n/a
PHP version
n/a
Admin Tools version
n/a

Latest post by on Friday, 10 April 2020 17:17 CDT

WorthyImage
Hi,
My site blocked itself. There are DFIShield attacks on non-existent Target URLs from my own server IP address.
What is the cause and remedy?

Thanks,
Dennis

dlb
First, we need to disable Admin Tools. You can use the instructions here to do that; look at the "Using FTP to regain access to your site's administrator" instruction.

Now you can log in. You need to unblock the server's IP address. There may be a large "Unblock my IP" button at the top of the Admin Tools screen. If it's there, that will do it.

Then go to Web Application Firewall, Configure WAF. On the first tab, flip the value in "Enable IP workarounds": if it is Yes, make it No, or vice versa.

Now you can rename the main.php file that you renamed above to enable Admin Tools again.


Dale L. Brackin
Support Specialist


English: native


Please keep in mind my timezone and cultural differences when reading my replies. Thank you!


My time zone is EST (UTC -5)

WorthyImage
Thank you. Can you please tell me why this occurred? How can the attacks come from my IP address?
I’d like to give my client a reasonable explanation.

Thanks,
Dennis

dlb
Dennis,

You have another server in front of your web server. It may be a CDN, Cloudflare, load balancer, etc. That server gets traffic first, then forwards it to the web server. It also forwards both its own IP and the "source" IP, the visitor's actual IP. There is a standard for which order these IPs are supposed to be sent, but there is a LOT of variety in how hosts actually set them up. If the IPs are backwards, Admin Tools thinks all of your traffic - and all your security exceptions - are coming from the first server, not from the actual visitor's IP. IP Workarounds switches the order of the two forwarded IP addresses. It is a very common problem.

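The misattribution described in the reply above, as an added example (not part of the ticket and not Admin Tools' own code): it tallies blocked requests per IP twice, once by the connecting address and once by reading `X-Forwarded-For` only when the connection comes from a known proxy. The proxy address, the sample requests and all function names are constructed assumptions.

```python
import ipaddress
from collections import Counter

# Assumption: the address of the proxy/CDN/load balancer in front of the site.
TRUSTED_PROXIES = [ipaddress.ip_network("198.51.100.10/32")]

def is_trusted(ip):
    addr = ipaddress.ip_address(ip)  # raises ValueError on malformed input
    return any(addr in net for net in TRUSTED_PROXIES)

def client_ip(remote_addr, xff):
    """Return the address a WAF should attribute the request to."""
    # Believe X-Forwarded-For only when the TCP peer is our own proxy;
    # otherwise any visitor could set the header to an arbitrary value.
    if not is_trusted(remote_addr):
        return remote_addr
    hops = [h.strip() for h in (xff or "").split(",") if h.strip()]
    # Walk from the right (nearest hop) and take the first untrusted address.
    for hop in reversed(hops):
        try:
            if not is_trusted(hop):
                return hop
        except ValueError:
            break  # malformed entry: stop trusting the header
    return remote_addr

def tally(requests, resolver):
    """Count blocked requests per attributed IP."""
    return Counter(resolver(r["remote_addr"], r["xff"]) for r in requests)

def self_block_suspects(counts):
    """Attributed IPs that are our own proxy: a sign of misattribution."""
    return [ip for ip in counts if is_trusted(ip)]

# Constructed sample: blocked requests as seen by the web server behind the proxy.
SAMPLE = [
    {"remote_addr": "198.51.100.10", "xff": "203.0.113.7"},
    {"remote_addr": "198.51.100.10", "xff": "203.0.113.7"},
    {"remote_addr": "198.51.100.10", "xff": "192.0.2.44, 203.0.113.9"},
]

naive = tally(SAMPLE, lambda remote, xff: remote)  # ignores the header
aware = tally(SAMPLE, client_ip)

if __name__ == "__main__":
    print("naive:", dict(naive), "suspects:", self_block_suspects(naive))
    print("aware:", dict(aware), "suspects:", self_block_suspects(aware))
```

In the naive tally every blocked request lands on the proxy's address, which is the condition under which an auto-ban locks out the whole site.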

WorthyImage
Dale,
Thank you for the explanation. I greatly appreciate your time and patience.

dlb
You're welcome!


System Task
system
This ticket has been automatically closed. All tickets which have been inactive for a long time are automatically closed. If you believe that this ticket was closed in error, please contact us.