Elxis CMS Forum

Support => Security => Topic started by: seadhna on February 28, 2017, 13:42:38

Title: Possible to whitelist IPs?
Post by: seadhna on February 28, 2017, 13:42:38
Hi there,
I am going to start using a CDN. Is it possible to whitelist IPs? If not, is it possible to switch off Defender completely? Defender seems to be banning users more than it should lately - e.g. when I ping the site from worldwide locations to test load time, the ping services seem to get banned.
Title: Re: Possible to whitelist IPs?
Post by: datahell on March 01, 2017, 14:46:32
See defender's security log to see why it bans these IPs. There should be a good reason for that. Do you have also the IP filter enabled in defender? If Yes and these IPs are black-listed then this is why defender bans them. Then is no way to unban these IPs as they are loaded automatically from a third party service.
Title: Re: Possible to whitelist IPs?
Post by: seadhna on April 06, 2017, 18:37:11
Hi datahell,
so I have ongoing issues for the past 2 months with Elxis Defender banning google bots and Google is getting completely banned from the website. All pages are showing as 'Access Denied' in Webmaster Tools. I have gone through the Security Log and corrected all the malformed hyperlinks that were causing problems, e.g. a missing slash from hyperlinks: http:/www.example.org instead of http://www.example.org was being interpreted as an attack by Google Bot when it crawled this link. So, I thought a solution would be to test every page on W3's link checker: https://validator.w3.org/checklink
However, this tool gets banned from the site! I tried to use it with a page from the site, and it says: Error: 403 Forbidden. then I checked the defender_ban.php and sure enough: the W3 IP has been entered on the list: '128x30x52x136' => array('times' => 2, 'refcode' => 'SEC-DEFG-0009', 'date' => '2017-04-06 15:28:29'),

Can you assist with this? This is happening (Error: 403 Forbidden) on all Elxis sites I have checked, including www.Elxis.org
Title: Re: Possible to whitelist IPs?
Post by: datahell on April 06, 2017, 19:22:04
Elxis Defender does not block Google. If you have bad links on your site it is not Defender to blame. Google might have indexed your site with these bad links and a person visiting your site from google if he follows such a link he will be banned. This is absolutely normal because Defender's blocking policy is based on very carefully selected rules. For example it blocks all attempts scanning for wordpress administration folder (wp-admin). So if you create a link like that: http://www.example.com/wp-admin/ Defender will ban everyone that will try to visit it.

As for blocking W3C I haven't investigated this issue but most probably Defender blocks it because of the user agent. Defender blocks automated remote tools used by hackers to attack sites like libcurl, wget and other similar. If you want you can disable Defender for some time (eg to perform the tests), or for always. Elxis is secure with or without the Defender. The difference is that without the defender all attacks will reach your site and you wont have a view of what is happening on your site from a security perspective. You can also disable the general rules (option G) and enable only the C option (custom rules) and put your own rules in custom.rules.php. This way you can fully customize Defender's blocking policy.

includes/libraries/elxis/defender/custom.rules.php
Title: Re: Possible to whitelist IPs?
Post by: seadhna on April 06, 2017, 20:22:46
Hi datahell, thanks for your response, but I don't know how to take both your statement and what I see in Google Webmaster Tools as true. Google Webmaster Tools repeatedly tells me that it cannot access the website, that acccess is denied. Then when I consult the Defender_Bans.php I see that Google Ips are indeed blocked. Can you explain this?
Title: Re: Possible to whitelist IPs?
Post by: seadhna on April 06, 2017, 20:23:59
My primary question was in fact though regarding the W3 tool. This should surely be usable! It is a perfectly ethical tool, posing no threat to the website. All other CMS's seem to allow it.
Title: Re: Possible to whitelist IPs?
Post by: datahell on April 06, 2017, 20:55:14
Clear all defender bans.
Empty security log.
Disable defender.
Check your site with W3C.
If you wish re-enable defender. In this case check security log regularly to find out if and why Google gets banned. If you dont understand the security log entries, copy-paste the message here.

You really don't care if W3C is banned. W3C will not visit your site except if you order to do so.
Other CMSs do not have a site protection system like Elxis Defender.

Tip: Dont let IPs banned forever. Clear regularly banned IPs file. After 1-2 days from the ban time you can safely remove IPs from ban list.