[XTR] IP Threat Monitor

[XTR] IP Threat Monitor [Paid] 1.0.26

Not entirely sure, but I just did a quickie fix and made my own cron for it, which does work. Could this type of approach be implemented into options to auto delete every x? Obviously this will stop working the moment I upgrade otherwise, and I don't want to adjust your addon code, I am just testing a solution to my problem.

Hey there,

Thanks for trying to help out with a fix! I took a look at your ClearAll code, and honestly, I have to strongly advise against using it.

The issue is that DELETE ... 1=1 wipes everything indiscriminately. So, if you've banned an attacker for 24 hours and your cron runs at hour 12, that attacker gets released early. Plus, it nukes your entire Whitelist and all your attack statistics. You’d be solving one problem but creating several new security holes.

Good News: We're about to release version 1.0.26, which fixes this performance bottleneck properly at the source. We've completely refactored the query logic, so it runs instantly even with millions of records. We've also built in the "Auto-Prune" (Retention) feature you were looking for—but ours is smart enough to clean up old junk without touching active bans.

So, please disable your custom cron job and hang tight for the official update. It’s safer and does exactly what you need.
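An added illustration of the difference described in the reply above, not the add-on's code and not part of the original post: the table layout, column names, function names and sample rows are constructed for this example, since the thread does not show the real schema. It compares a blanket `1=1` wipe with a prune that only removes bans expired longer ago than a retention window.

```python
import sqlite3

DAY = 86400  # seconds

def make_db(now):
    # Constructed schema and rows; the add-on's real tables are not shown in the thread.
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE blacklist (ip TEXT PRIMARY KEY, expires_at INTEGER NOT NULL);
        CREATE INDEX idx_blacklist_expires ON blacklist (expires_at);
        CREATE TABLE whitelist (ip TEXT PRIMARY KEY);
    """)
    db.executemany("INSERT INTO blacklist VALUES (?, ?)", [
        ("203.0.113.10", now + 12 * 3600),  # 24 h ban at hour 12: still active
        ("203.0.113.20", now - 2 * DAY),    # expired, but inside the retention window
        ("203.0.113.30", now - 39 * DAY),   # expired long ago: safe to prune
    ])
    db.execute("INSERT INTO whitelist VALUES ('198.51.100.5')")
    return db

def clear_all(db):
    # Blanket wipe in the style the reply warns about: no condition on ban state.
    db.execute("DELETE FROM blacklist WHERE 1=1")
    db.execute("DELETE FROM whitelist WHERE 1=1")

def prune_expired(db, now, retention_days):
    # Remove only bans whose expiry is older than the retention window.
    cutoff = now - retention_days * DAY
    cur = db.execute("DELETE FROM blacklist WHERE expires_at < ?", (cutoff,))
    return cur.rowcount

def snapshot(db, now):
    # Active bans plus row counts, so the effect of each cleanup is visible.
    active = [r[0] for r in db.execute(
        "SELECT ip FROM blacklist WHERE expires_at > ? ORDER BY ip", (now,))]
    rows = db.execute("SELECT COUNT(*) FROM blacklist").fetchone()[0]
    white = db.execute("SELECT COUNT(*) FROM whitelist").fetchone()[0]
    return {"active": active, "blacklist_rows": rows, "whitelist_rows": white}

if __name__ == "__main__":
    now = 1_700_000_000  # fixed timestamp so the run is reproducible
    wiped, pruned = make_db(now), make_db(now)
    clear_all(wiped)
    removed = prune_expired(pruned, now, retention_days=30)
    print("blanket wipe :", snapshot(wiped, now))
    print("retention    :", snapshot(pruned, now), "removed", removed)
```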
 
Osman updated [XTR] IP Threat Monitor with a new update entry:

1.0.26

  • New: Completely rewrote the Blacklist query architecture to fix slowness on large databases (O(1) Optimization).
  • New: Added "Blacklisted IP Retention" (Auto-Prune) option to prevent database bloating.
  • Improvement: Integrated the new retention setting into Setup Wizard profiles.
  • Improvement: Added database retention check to the Test Configuration tool.
  • Fix: Added missing phrases.
This update contains a critical performance patch, especially for forums with high...

 
Already looks much better on the charts for CPU with about 70k new IPs already compared to the previous version and wiping the table for it to be minimal. CPU has significantly smoothed out processing in handling IP tables now. Thank you.

 
@Osman After a bit over a month I am really happy with this add-on! I've moved my blocking criteria over from .htaccess to IP Threat Monitor almost completely weeks ago (apart from things that IP Threat Monitor is not able to do, like RegEx-based blocking) and it is a relief - blocking works automatically for the most part, maintenance is easy and there is not much need for manual adjustment any more now. Blocking works reliably and being able to block countries and ASNs within seconds is really helpful against resident proxies. The very high API usage I suffered from initially went down dramatically with the 1.0.25 update and is now absolutely fine. After many months of constantly dealing with bad traffic I am finally relieved thanks to IP Threat Monitor.

I did have another issue with ASNs: Blocking ASNs did not seem to work well or at all - I barely found an entry blocked by ASN in the logs. I thought possibly my comments after the # could be too long and shortened them to a two digit country code - no difference. Only after I removed comments and # completely ASN blocking worked but now it works flawlessly. So possibly worth looking at that area if there is an issue with the comments option.

What I would love to see as a feature would be the option to directly block single IPs and networks. Basically it would be good to have the mechanism for whitelisting IPs and networks reflected as well as a possibility for blacklisting (incl. the possibility to comment the entries if possible).

For testing and debugging purposes it could be interesting to be able to switch off the country blocking temporarily via a checkbox; at the moment one would have to delete all countries in the list for that, which is very annoying and time consuming if you have blocked a lot of countries.

What would be nice would be more granular settings for blocking VPNs. A lot of the VPN hosts I see in the list clearly deserve a block, on the other hand it would be good to be able to let i.e. Opera's built-in VPN pass or i.e. certain of the better VPN providers like Proton.

Same goes for search engines: It is at the moment somewhat intransparent, which are blocked and which let through apart from Google, Bing and Quant. Would be good to have a bit of a choice here.

The area where I see a lot of future potential is analytics - it looks good, but lacks a lot of possibilities. I am still trying to figure out how to describe best what I am missing exactly w/o leading in the wrong direction or creating too much effort.
 