Is there a firewall / DDOS protector on the Hosting that I can't See?

Hi there,

I have a site with some forms that multiple people access from the same office at the same time. After a short while they were getting timed out, seemed like a firewall lockout.

I logged into the site, from a different location, and whitelisted their IP Address in Defender and WordFence, but they still have no access. Is there another firewall that we don’t see active on your hosting?

Many thanks

Stuart

  • Adam
    • Support Gorilla

    Hi thebastion

    I hope you’re well today and thank you for your question!

    There are some security tools/mechanisms but none of them is expected to cause such behavior – that would have to be really fast and “large volume” traffic, resembling a kind of DDoS pattern, to cause any issues.

    However, we’d need to check logs on our end. Could you please share the IP(s) in question with me so our hosting admins could look into it?

    I’d also like to take a closer look at site setup so would you mind enabling support access to it? To do this, please go to the “WPMU DEV -> Support” page in site’s back-end and click on “Grant support access” button there, then let me know here once it’s done.

    Best regards,

    Adam

  • Adam
    • Support Gorilla

    Hello again!

    I was about to ask for one more thing but I hit “publish” too fast :)

    Would you be able to also provide some screenshot actually showing such lock-out/time-out from the affected user’s point of view, please?

    Best regards,

    Adam

  • thebastion
    • Site Builder, Child of Zeus

    Thanks for getting back to me Adam,

    I have enabled support and put the IP address in the comments box. As soon as I can get a screenshot from them I’ll pass it on, but it sounds like they are just white screening / hanging.

    I have both Defender and Wordfence deactivated at the moment to see if that helps, but I am waiting on a response from the chap on whether that has helped at all.

    Let me know if you need anything else in the meantime.

    Stuart

  • Predrag Dubajic
    • Support

    Hi Stuart,

    Did you manage to get any screenshots in the meantime?

    I have forwarded the IP to sysadmins to check but there is one more thing that I would like to mention.

    If there are a lot of failed attempts to login via SFTP/SSH then IP will indeed be blocked, do you know if there were any failed logins from the people in the office?

    Best regards,

    Predrag

  • thebastion
    • Site Builder, Child of Zeus

    My client works shifts and hasn’t got back to me with a screenshot yet.

    I have noticed a new form has been completed from the IP address and I have disabled Defender and Wordfence which means it is probably one of those. It’s just weird because Wordfence is in learning mode and neither firewall has any report of that IP.

    Only one of the people in this office has login credentials for the site, I will check with him and get back to you, but I am pretty sure it is not that.

    Thanks for your help,

    Stuart

  • Adam
    • Support Gorilla

    Hello thebastion

    “It’s just weird because Wordfence is in learning mode and neither firewall has any report of that IP.”

    You are right, in learning mode WordFence shouldn’t be locking any IP out. Disabled Defender shouldn’t be doing that either. However, let us know, please, about that possible access from that one person that has credentials and please try to grab that screenshot. I realize that it’s a bit difficult for you currently as they work shifts but while it’s a “small thing” it might actually help a lot so we’d need to give it a go.

    Keep us updated please and I hope we will be able to “drill down to the core” of the issue this way.

    Best regards,

    Adam