I’m going on a trip tomorrow and not gonna bring my computer, so I decided to take one last check at my WordPress site making sure everything is doing fine. Then I saw recently all the bot like high count visitors are from a narrow range of IP from Singapore. I thought it’s just some good old crawler draining up my server, so I casually added the range to All In One Wp Security (AIOS)’s blacklist manager.
Then, without refreshing, I realized I recently setup cloudflare for all my site cuz my other site was DDoS’ed the other day. Couldn’t this happen to be cloudflare’s proxy server right? So I hit refresh. 403. At the same time, my Better Uptime incident alert came.
Bummed by my own stupidity, I think I should just be able to ssh into the server, disable all the plugins as usual, and back to the game. Well, after renaming both all-in-one-wp-security-and-firewall and all plugins at /var/www/html/wp-content/plugins/, I’m still getting 403. Usually all the plugin related issue got solved at this step without needing to restart service, I’m not sure why this time it didn’t work.
So I start to Google something like AIOS self lockout, trying to find where does it store the blacklist that I can quickly manually edit by command line. No luck.
I tried to disable cloudflare proxy at cloudflare dashboard, no luck. And I’m too lazy to switch DNS provider back to where I was using before.
I started to poke around more in the plugin’s folder, and eventually found the file that did the trick: /var/www/html/wp-content/plugins/all-in-one-wp-security-and-firewall/admin/wp-security-list-locked-ip.php.Seems like the IPs are stored at a table called AIOWPSEC_TBL_PERM_BLOCK. I just commented out the entire line here in the prepare_items() function. Refresh, back online, removed the IP range from blacklist, uncomment the line.
So, that was just a small stupid incident on a random Thursday night 9pm before a trip. 乁། * ❛ ͟ʖ ❛ * །ㄏ
If you find this blog useful and want to support my blog, feel free to:
Become a Patron!