hjogiupdraftplus
Forum Replies Created
-
Yes, AIOS fetches and stores Googlebot IPs daily, and this is why it updates the settings.php file. It is primarily used for the “Block fake Googlebot” firewall feature.
The IP ranges are currently obtained from:
https://developers.google.com/static/search/apis/ipranges/googlebot.jsonWe have an internal ticket to update the URL to the newer endpoint:
https://developers.google.com/static/crawling/ipranges/common-crawlers.jsonBoth URLs currently contain the same IP ranges.
The settings.php file is for firewall settings, so it does not include a change as an audit log or change log.
This list of IPs relates only to Googlebots, not Google Cloud servers and should not allow any user who purchase google cloud server to bypass rules related to it.
Regards
Hi @taco100,
AIOS > Brute force > login whitelist – have you disabled it?
Are you saying for the login lockout tab for AIOS > User security – Enable login lockout IP whitelist: ? It should be different and should not show 403 forbidden if locked out will redirect to 127.0.0.1.
https://snipboard.io/WG5xkh.jpg
AIOS > Settings > Advanced settings tab has IP address detection settings. There, you may cross-check the right IP address detection, which matches https://whatismyipaddress.com/ IP address.
Regards
Hi @taco100
I’m not sure, but let’s keep this open for a week. I’ll mark it as resolved after that. You can still add a comment to this topic after it has been resolved.
Regards
Forum: Plugins
In reply to: [All-In-One Security (AIOS) – Security and Firewall] Cloudflare TurnstileHi @saznajmo,
If I cross-check the AIOS implementation for cloudflare captcha it do not use
evalLet me create an internal ticket for this issue and get back to you asap.
Regards
Hi @taco100,
Ok, if adding the IP to AIOS > Brute force > login whitelist solved the issue.
That user might not have a static IP, and the IP may change in the future. The issue may reappear. Please do not use the login white list feature if you do not have a static IP.
Regards
Do you have the AIOS → Brute Force → Login Whitelist feature enabled? It appears your IP address may have changed and is not included in the whitelist, which is likely why the login page is showing a 403 Forbidden error.
Could you please add the constant below to your
wp-config.phpfile and check whether this resolves the issue?define( 'AIOS_DISABLE_LOGIN_WHITELIST', true );Regards
Thanks for raising issue. I will create an internal ticket to check the issue in detail and get back to you.
According to me, it is related to Google bots only IP range list.
Regards
Hi @taco100,
It seems strange that you do not have AIOS > Brute force > Login whitelist – not enabled, yet the wp-login.php shows a 403 forbidden error.
Is the IP in the AIOS > Firewall > Ban and allow list? It is need to know why IP gets blocked?
Regards
Hi @xmxg,
Thanks for raising the issue. It seems the Google bot IP ranges are not fetched. It does have prefixes as an array key. I will create an internal ticket to check this issue.
Regards
Forum: Plugins
In reply to: [All-In-One Security (AIOS) – Security and Firewall] iFrame protectionHi @vadimm5
Thanks for the information. I have created an internal ticket to check this issue.
Regards
Hi @melissaod,
It seems the WooCommerce registration page being used.
Can you please add a captcha for it, if possible, to stop bot registration?
Please keep checking, and if possible, blacklist that IP?
Regards
Hi @taco100,
Do you have the AIOS → Brute Force → Login Whitelist feature enabled? It’s possible that your IP address has changed and is not included in the whitelist, which may be why the login page is showing a 403 Forbidden error.
Could you please add the constant below to your
wp-config.phpfile and check whether this resolves the issue?define( 'AIOS_DISABLE_LOGIN_WHITELIST', true );Regards
We have tried to replicate the issue but have not been able to do so.
The recent AIOS release includes an onboarding wizard. Could you confirm whether you are able to modify a plugin file? If so, please add
return false;to themaybe_redirect_to_dashboard_pagefunction in{aiosplugindir}/classes/wp-security-onboarding.php.https://snipboard.io/Q8aif6.jpg
This may indicate that the issue is related to the onboarding wizard.
Regards
