The most confusing part might be the Logs tab. There are a few different tables with statuses and some actions can be performed too. We will try to cover most of them here:
This provides a list of all lockouts that are currently active and enabled. It contains the IP address, the Login name, how many attempts were made (Count) and when the lockout will expire (Expires in minutes).
This is a log of all attempts to log into your site.
Time: the time the attempt was recorded (using the time configured on your site).
IP: IP address associated with the attempt.
Gateway: The URL that was used by the attack.
Login: Username that was used in the attack.
Rule: The rule that was triggered. It’s either allow or deny.
Reason: There are quite a few different statuses available here:
- ip_acl_temp_local_deny – IP blocked temporary for this site only
- ip_acl_temp_network_deny – IP blocked temporary for the group of sites this site belongs to
- ip_acl_local_deny – IP blocked by allow/deny rules for this site only
- ip_acl_network_deny – IP blocked by allow/deny rules for the group of sites this site belongs to
- ip_lockout_allow_expired – IP allowed b/c its lockout period has expired
- ip_lockout_allow_below_limit – IP allowed b/c the number of attempts is below limit
- ip_lockout_deny – IP is locked out b/c the number of attempts is above limit
- login_acl_local_pass – attempt allowed b/c of a local login pass rule
- ip_acl_local_pass – attempt allowed b/c of a local ip pass rule
- all_acl_none – there were no allow/deny rules matching the request
- country_acl_local_allow – the country is allowed for this site
- country_acl_local_deny – the country is denied for this site
- ip_acl_temp_none – IP is not blocked temporary
- all_acl_local_allow – both IP and login are allowed by allow rules for this site only
- all_acl_network_allow – both IP and login are allowed by allow/deny rules for the group of sites this site belongs too
- login_acl_network_deny – login is blocked by a deny rule for the group of sites this site belongs too
- login_acl_local_deny – login is blocked by a deny rule for this site onl
Pattern: A username that you listed, an IP or range of IPs, a country. This is an entity based on which the decision was made to allow or deny an attempt.
Attempts Left: How many attempts are left for the IP at the time the attempt happened.
Lockout Duration: How many minutes are left before the IP is unlocked automatically, at the time the attempt happened.
Actions: You can add or remove IPs and logins to/from your allow/deny lists.
Icons definitions for Actions:
Open Red lock – Unlock IP
Closed Red lock – Add IP To Deny Rules
Red Minus sign – Remove IP Or Login From Deny Rules
Green Plus sign – Add IP Or Login To Allow Rules