blocked IP of user?
I am managing a few Commons Wordpress and somehow my home IP address (22.214.171.124) has been blocked by the server. When you have a chance, could you please add it to the white list?
Here is the list of the pages that I manage:
Thank you so much,
Tomonori Nagano, Ph.D."
#1 Updated by Marilyn Weber 9 months ago
I asked if she was able to log in at all. No - "I cannot access https://commons.gc.cuny.edu at all. I am sure that the server is up, but I lost my access to the server. As I understand, it happens if my IP is blocked by some security plug in (Jetpack, WP Security etc). I was updating multiple posts on one of the sites yesterday and it might have put my IP on the IP block list."
#3 Updated by Boone Gorges 9 months ago
- Status changed from New to Reporter Feedback
I heard back from IT. The IP address is, in fact, blocked. Activity from the IP address triggered a rule at the firewall. The pattern appears to be a large number of requests by the MarsEdit blogging software. Could you please pass the following requests for information along to the user:
- Can you confirm that you were using MarsEdit to manage content at asianheritage.commons.gc.cuny.edu between 6-7pm EDT on May 1?
- Assuming "yes", can you confirm the kinds of activity you were performing? Specifically, were you doing anything that might have triggered abnormally large numbers of requests to the Commons site? For example, were you editing or deleting large numbers of posts?
- Are there configuration settings in MarsEdit that might control the number of requests that MarsEdit makes to the server? For example, does it have "auto-save" functionality built in? Or does it have settings that control how the software fetches content from the blog?
#4 Updated by Marilyn Weber 9 months ago
She replies "yes, I am using MarsEdit for my WordPress sites, including asianheritage.commons.gc.cuny.edu<http://asianheritage.commons.gc.cuny.edu>.
As I mentioned in my initiative e-mail, I was migrating our blog posts from another site (Facebook) into the Commons WordPress, which must have triggered a red flag. I believe I had to move about 40 posts on Friday and my access was blocked. I usually post only a few posts a week and I have been using MarsEdit for a few years, so I believe it has nothing to do with its configuration."
#6 Updated by Marilyn Weber 9 months ago
She has it set to 50:
Yes, there is a way to control how many articles the program fetches at a time. I attached the screenshot. I can lower it to a smaller number, if necessary.
#8 Updated by Boone Gorges 9 months ago
It's a combination of MarsEdit and the fact that so many posts are being moved.
MarsEdit uses the XML-RPC protocol to communicate with WordPress. This protocol is a common vector for various kinds of brute-force attacks against WordPress installations, so our firewall software is configured to detect and block clients that make large numbers of requests to the XML-RPC endpoint. Under normal use - writing blog posts, etc - MarsEdit contacts the server only occasionally. But when "moving" or editing large numbers of posts consecutively, MarsEdit makes many requests, triggering the firewall rules.
MarsEdit should be fine for normal use. I'd recommend that users who need to make more administrative changes, including bulk post edits, instead use the WordPress web interface (wp-admin), where you won't run into the same firewall issues.
I'm still waiting for confirmation about the IP address. If the user tests and discovers that the block has been lifted, please let me know so I can close this ticket out.