![]() You see the results and you see the networks that the IP address belongs to. So you click the link on one of the visits in Live Traffic to do a Whois on the IP address. You see a link in your live traffic for each visit titled “Run a WHOIS on 9.9.9.10”. You see several IP addresses attacking you that start with (and this is just an example) 9.9.9.9 and 9.9.9.10 and 9.9.9.14 and 9.9.9.20. Lets say your website is under attack and you’re seeing the attack in Wordfence Live Traffic. How to block networks on the Live Traffic page using WHOIS and Blocking When looking at the WHOIS results page for an IP address, scroll down because often the smaller block of IP addresses that defines a network the IP address belongs to is in the lower part of the WHOIS results. That is why we show you the number of IP addresses in each network to help you quickly select the smallest block of IP addresses to block. In general, you want to pick the smallest network shown. Note that when you see the results of a WHOIS query for an IP address, you will often see multiple networks listed that the IP address belongs to. Now all you have to do is enter the reason why you are blocking the network and click the button to save the blocking rule. If you click a network that has been hot-linked in the WHOIS results then it takes you directly to Wordfence “Blocking” page and puts the IP address range you clicked on in the range field. It also tells you how many addresses are in that network and in this case it is 256 addresses. When you do a lookup, Wordfence tells you that the range of addresses in this network are 8.8.8.0 to 8.8.8.255 and it gives you a helpful link that you can click on to be able to block that network. Wordfence makes this really easy by giving you a way to find out which network an IP address is on. But you might not be sure what the range of addresses in the network is. In this case, you want to block an entire network and all IP addresses on that network from accessing your site. You might receive attacks from 8.8.8.9 and 8.8.8.10 and a few other sequential IP addresses or IP addresses that are close together in the address space. Sometimes you will not just receive attacks from a single IP address like 8.8.8.8 (for example). In this case, the contact email is and so if that IP address attacks your website, you can just send an email telling them to stop attacking your website, or (and this is more likely) that their server has been hacked and someone is using it to attack your site. Now try entering an IP address like 8.8.8.8 and you will see which network that IP address is part of, who owns the IP address, and who to contact if you are seeing malicious activity originate from that IP address. Wordfence tries to be helpful by making the email addresses and other items clickable in the response to save you work. You can see when the domain name was registered, when it expires, who the registered owner is, and also one or more contact email addresses. To use WHOIS in Wordfence, simply enter a domain name like and hit the button to find out who the owner is of that domain name. In most cases, you are interested in knowing who owns an IP address that is visiting your site or is engaged in malicious activity on your site. WHOIS Lookup can be used to find out who owns an IP address and who owns a domain name.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |