Closed (works as designed)
Project:
http:BL
Version:
6.x-2.0-rc1
Component:
Miscellaneous
Priority:
Normal
Category:
Support request
Assigned:
Unassigned
Reporter:
Created:
11 Jan 2012 at 17:26 UTC
Updated:
12 Jan 2012 at 22:59 UTC
Status page shows:
http:BL is enabled and has blocked 0 visits (0 blacklisted and 0 greylisted).
- Nothing in watchdog
- Nothing listed on: admin/reports/blocked_hosts
Blackist check: On all requests
Caching: Database cache and Drupal access table
Looking at my webstats I can see visits from multiple IPs that are active in the projecthoneypot.org database.
http://www.projecthoneypot.org/ip_85.117.224.52
For example; shouldn't that user be caught and blacklisted?
Comments
Comment #1
bryrock commentedCan you post a screenshot of your settings? (block out your honeypot account).
Make sure you are not only checking comments, but "all requests."
The example you sent would not be blacklisted by default (it would have been greylisted with a white-list challenge). The default blacklisting threshold is a threat score higher than 50.
Comment #2
dvancamp commentedThanks bryrock. Just checked back in and it has greylisted 17 and blacklisted 1. Didn't make any changes to the settings just seems to have taken a day for it to "kick in" - probably a caching issue. Many thanks.