Announcement

Collapse
No announcement yet.

Imunify360 false positive: why was this IP grey listed?

Collapse
X
Collapse
 
  • Page of 1
  • Filter
  • Time
  • Show
Clear All
new posts
Previous template Next
  • #1

    Imunify360 false positive: why was this IP grey listed?

    Had a lot of reports from clients over the weekend that WordFence not completing scans. Discovered that 69.46.36.28 (noc1.wordfence.com) was greylisted, apparently recently since the scans just stopped a couple days ago.

    Is it possible to determine why this IP was greylisted?

    Can 69.46.36.28 be removed from the greylist? (Ive already added it to the CSF allow list on my servers where clients use WordFence.)
    Tags: None
  • #2
    You can obtain the reason why this address has been greylisted by searching for it in the Incident list.
    Removal instructions can be found at http://docs.imunify360.com/firewall.htm

    Comment

    • #3
      Alexandres reply does not quite answer the question. (Cant tell if Alexandre is from CloudLinux or just a helpful user replying.)

      The incident list does indicate activity related to the IP on the server. But it does not tell why an IP is in the graylist in the first place.

      For example, if the IP is highlighted "gray" -- list of IPs in the herd-immunity list from CloudLinux -- the rule violation on my server is displayed. But when I open the greylist page there is no indication why the IP was included in the list.

      Comment

      • #4
        I see the point: theres actually no Comment field for graylist entries - it will be added in one of future releases (can be tracked by DEF-953 identifier in Imunify360 blog)

        Comment

        • #5
          Great, thanks for the update!

          Comment

          Previous template Next
          Working...
          X