How to Use Security FireWall Log
1. First go to your Security Dashboard. Choose "Site Security" in the "Services" menu:
2. Then go to your Security FireWall Log:
3. You are on the Security FireWall Log page now:
1. Export logs button. You can export your logs to an CSV file.
2. Filters section.
A - The time period for all records you want to see.
B - Website for which you want to see the security firewall records.
Leave the field empty to see the security firewall records for all websites.
C - Searching records by an IP address.
D - Searching records by a country.
E - Searching records by the filtration result (Allow/Deny).
F - Searching records by a User-Agent. Works with partial words too.
3. Date when the event happened.
4. Website where the event happened.
5. Request's URL.
6. Visitor's IP information.
7. What country that IP belongs to.
8. The number of events that happened.
9.Result (Allow/Deny). Possible reasons of blocking by the Security Firewall and their descriptions:
- Deny - А visitor’s IP address is blacklisted by common CleanTalk list or by the personal blacklists of your website.
- Deny by network - А visitor’s IP address belongs to a subnet of high spam activity, or to a subnet that cannot have IP addresses of real human visitors.
- Deny by DDoS - DoS activity detected from the visitor's IP address. Visitor exceeded the number of allowed requests set by Traffic control.
- Deny by WAF - Malicious code has been detected in the GET-requests to your website (XSS attack), injection of malicious SQL requests to your website has been detected (SQL-injection attack), exploit detected, malicious files upload detected.
- Attacks to hack admin access - brute-force on login page detected.
- BlackListed by hacking attempts - hacking attempts detected.
- BlackListed by suspicious activity - suspicious activity detected.
Detailed Descriptions:
- PASS - Passed by personal lists.
- PASS_BY_TRUSTED_NETWORK - Passed by personal lists. Trusted network. Click on IP for details.
- PASS_BY_WHITELIST - Passed by personal lists. Whitelisted.
- DENY - Blocked by personal lists. Blacklisted.
- DENY_BY_NETWORK - Blocked by personal lists. Hazardous network.
- DENY_BY_DOS - Blocked by Traffic control
- DENY_BY_WAF_BLOCKER - Blocked for 24 hours by Web Application Firewall: several attacks detected in a row
- DENY_BY_WAF_XSS - Blocked by Web Application Firewall: XSS attack detected.
- DENY_BY_WAF_SQL - Blocked by Web Application Firewall: SQL-injection detected.
- DENY_BY_WAF_FILE - Blocked by Upload Checker module: Malicious files upload.
- DENY_BY_WAF_EXPLOIT - Blocked by Web Application Firewall: Exploit detected.
- DENY_BY_SEC_FW - Blocked. Hazardous network. Security source.
- DENY_BY_SPAM_FW - Blocked. Hazardous network. SFW source
- DENY_BY_BFP - Blocked by BruteForce protection system
You can add IP to your personal Security list by pressing the "To Personal black & white lists".
If you haven't found the answer to your question, please, contact our support team:
https://cleantalk.org/my/support/open
It would also be interesting
- All Installation Manuals of CleanTalk Anti-Spam ServiceCleanTalk Anti-Spam Installation Guides Here you can find our plugin installation guides for popular...
- White Label Option in the Anti-Spam Plugin by CleanTalkHow to use the White Label Option in the Anti-Spam Plugin by CleanTalk The CleanTalk plugins...
- Security service FAQThe CleanTalk Security Service FAQ Features What is Traffic Control and how to use it? What is the Outbound...