XF 1.5 Attempted Login IPs


Active member
I am getting swamped with attempted logins for my new site, with over 100 different IPs constantly on my site. From the ones I have been able to identify by server logs, many are known spammers. With the xf_login_attempt table I can easily tell which ones are trying to force attempted logins, by the login being used, but the IPs are in varbinary(16) format. Is there a way anyone knows that I can export and easily convert these to the proper IP address, so that I can add them to my server ban? They haven't been able to access the site, but are burning through some bandwidth, so I want to block them at the server level. Thanks!


Not sure if it best way, but i have nearly same Problem and i solve this collecting these IP's try to Login/register too much or just spam requests in a txt file. This is fine because i may define the rules by any .php or other script anyway different for candidates placed to the blocking txt file. With a cron or event based read out that txt file line by line + put each to firewall block for a time x hours... This works fine and also over multiple Domains etc.

Most firewall's have a shell based command for blocking a single ip, some have Options to include such a txt file as a blockfile directly. I use the first Option read out the txt file with bash script line by line for blocking...
Last edited:


XenForo developer
Staff member
The IPs are stored a 4 bytes of binary (for IPv4). You can convert it with the following query:
SELECT INET_NTOA(CONV(HEX(ip_address),16,10)) FROM xf_login_attempt