#33246 Block IP Based Upon URL?

Posted in ‘Admin Tools for Joomla! 4 & 5’
Environment Information

Joomla! version
n/a
PHP version
n/a
Admin Tools version
n/a

Latest post by dlb on Tuesday, 16 June 2020 16:26 CDT

toad78

Is there a way to automatically ban an IP based upon the URL they're accessing? Meaning, a site that I manage is getting hammered with WordPress URLs (404 Shield). I've had many attempts in one day! Is there a way to specify automatic blocking of any IP that attempts to access specific URLs? I've read the Admin Tools docs and don't see any workaround.

 

dlb

When you turn on the 404Shield, those "attacks" become subject to the autoban settings that you specified. That's the purpose of 404Shield, to make the 404 errors bannable.

You can't make them stop, and they're harmless against a Joomla! site. They are annoying.



Dale L. Brackin
Support Specialist



Please keep in mind my timezone and cultural differences when reading my replies. Thank you!


My time zone is EST (UTC -5)

toad78

Hmmm...okay. I guess I'll have to just enable the 404 Autoban. Thank you.

toad78

Okay. So I went and checked my settings and the 'Enable 404 Shield' was already set to 'Yes'. So I don't know why those IPs are not automatically set to be blocked. The '404 Shield' has a list of WordPress-based URL directories already. Since my ticket request, I've received 10 more hits of IPs attempting to access WordPress directories but they are not being auto blocked.

Auto-ban settings:

IP blocking: Yes

Block after: 2 attacks in 1 hour

Block for this long: 100000000000 days

Add persistent offenders to the IP Disallow List: Yes

Permanently disallow IP after: 1 automatic IP blocks

Confused.

dlb

Hackers don't use their own IP addresses. So a permanent ban is a bad idea. What you're actually banning is an ISP's dynamic IP or an open proxy or a compromised computer. The ban is somewhat effective against a bot, but it is trivial for a human to bypass it. If you manage to ban all of the addresses that the hacker has access to, you'll just slow your site to a crawl as it checks all those IPs with every page load.

Use the autoban to ban the IP for a day to slow down the bots, convert to a permanent ban for IPs that are autobanned multiple times.

You can slow them down, you may even annoy them (I like to think so). But you CAN'T stop them.  The only damage the 404s are doing is to your blood pressure.

Now to your settings, your autoban should trigger when the same IP hits your site twice within an hour.  If the bot is timed to reuse the IP after 61 minutes, it won't trigger the ban.



Dale L. Brackin
Support Specialist



toad78

So for the Autoban, I've set Block after 2 Attacks in 1 Day.

Block for this long: 1 Day.

Permanently disallow IP after: 1 Auto IP Block.

Sound about right to slow things down?

dlb

I wouldn't do the permanent ban that quickly. You only want to do a permanent ban when the IP has already been autobanned multiple times. That indicates that your hacker "likes" this IP address and is using it over and over. I'd set it to permanent ban after 3 autobans.



Dale L. Brackin
Support Specialist
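
Added example (not part of the ticket and not Admin Tools' own code): a small replay of the autoban settings discussed in this thread over constructed 404 Shield hits, showing why a bot that returns every 61 minutes never trips "2 attacks in 1 hour" and when an IP escalates to the permanent list after 3 autobans. The function name, window boundary handling and sample IPs are assumptions for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

def evaluate(events, threshold, window, ban_for, permanent_after):
    """Replay (timestamp, ip) blocked-request events through an autoban policy.

    Returns (autoban_counts, permanent_ips). Hypothetical model of the settings
    named in the thread, not the extension's implementation.
    """
    recent = defaultdict(deque)   # ip -> counted hits still inside the window
    banned_until = {}             # ip -> end of the current temporary ban
    autobans = defaultdict(int)   # ip -> temporary bans issued so far
    permanent = set()
    for ts, ip in sorted(events):
        if ip in permanent or banned_until.get(ip, ts) > ts:
            continue              # already blocked: not counted as a new attack
        hits = recent[ip]
        hits.append(ts)
        while ts - hits[0] >= window:
            hits.popleft()        # assumption: a hit exactly `window` old has expired
        if len(hits) >= threshold:
            autobans[ip] += 1
            banned_until[ip] = ts + ban_for
            hits.clear()
            if autobans[ip] >= permanent_after:
                permanent.add(ip)
    return dict(autobans), permanent

T0 = datetime(2020, 6, 16)

def at(minutes):
    return T0 + timedelta(minutes=minutes)

# Constructed sample hits (documentation IP ranges), not real log data.
SAMPLE = (
    [(at(m), "192.0.2.10") for m in (0, 5)]              # burst: 2 hits in 5 minutes
    + [(at(61 * i), "198.51.100.7") for i in range(6)]   # one hit every 61 minutes
    + [(at(2880 * d + m), "203.0.113.5")                 # comes back every 2 days
       for d in range(3) for m in (0, 1)]
)

if __name__ == "__main__":
    day = timedelta(days=1)
    for label, window in (("2 attacks in 1 hour", timedelta(hours=1)),
                          ("2 attacks in 1 day", day)):
        counts, perm = evaluate(SAMPLE, 2, window, day, 3)
        print(label, "-> autobans:", counts, "permanent:", sorted(perm))
```
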



toad78

dlb,

Thank you for the tip. I've made mods to my setup and will keep an eye on it.

Thank you!

dlb

You're welcome!



Dale L. Brackin
Support Specialist


