Defender possibly causing ip to get blocked

hi,
my ip has been blocked at SiteGround three (3) times in about 24 hours and i am suspecting Defender.
i was doing a lot of testing with buddy press plugins amongst others so it is hard to be certain, but my recollection is leading me to believe that Defender was the last i was using on the first two occasions i got blocked.
the third was when i awoke and visited my site first thing this morning and i had auto scan scheduled for around 2am last night.
they quickly remove the block but the point is this is a HUGE inconvenience.
by block i mean i cannot access my email, website, cpanel or FTP.
i am on their "Cloud" plan not the GoGeek etc. shared.
support says it is very strange because their Cloud does not have automatic ip blocking only the shared (which i find kind of scary).
another note is that i can recall not being able to access the website or wp admin but when i went into FTP and deleted the .htaccess files Defender created i then got access.
i basically applied all the hardening EXCEPT the ones that instructed applying code to NGINX server such as "Prevent PHP execution" and "Prevent Information Disclosure".

so my question really is,
can the hardening, scans, etc. that Defender applies cause such issues where my server would block my ip ?

one more thing is i am seeing all the hardening i applied as "resolved" even though i deleted the .htaccess files - but now the .htaccess files are back in FTP but empty (no code in them).
and i dare NOT even try to "revert" or apply them again in case i get locked out again.

your very kind assistance in this would be greatly appreciated.
support access granted if need be.
thanks in advance.

  • Hoang Ngo

    @rc5,

    I hope you are well today and I'm sorry for the issue.

    Usually, if this thing happened, the host will send you some emails to alert and explain why your IP get blocked. In this case, I think better we should contact the host, and check what is the reason.

    If that defender, I will push a fix ASAP.

    If you have any additional issues, please let us know and we'll be happy to help.

    Best regards,
    Hoang

  • amused

    hi @webexperts09
    they have gotten back to me and said that my ip "was manually blocked by a colleague"
    so basically it was blocked internally/manually by SiteGround.

    they have also stated
    "The plugin does however generate a lot of executions"
    and
    "For now we can recommend to monitor this plugin - see if the server slows down each time it is used - if that's the case we can check if there's anything we can do on our end to speed it up."

    they also mentioned memory allowed to the site,
    i am on cloud with 256MB allocated php memory and can change that higher if needed.
    would the scans, blacklist, etc. really need more than this ?

    the bottom line is my ip was blocked because of the plugin.
    so i am thinking that going forward perhaps improvements can be made to reduce executions ?
    i guess this cannot be avoided on large sites.
    also i noticed that on the plugin usage page there is an image showing ability to skip file types such as images etc. but i do not see this in my admin. is this not yet released ?

    also possibly the ability to whitelist your server that may be performing the scans ?
    (i do not even know technically if that makes sense, if its the plugin and not your server performing the scans etc. because it was my ip that got blocked).

    your kind thoughts and feedback would be greatly appreciated.
    thanks again

  • Hoang Ngo

    Hi @rc5,

    Many thanks for your infor and your effort.

    "was manually blocked by a colleague"
    so basically it was blocked internally/manually by SiteGround.

    "The plugin does however generate a lot of executions"

    I'm sorry for bothering you again :slight_frown:, but a hosting will have their policy for the case blocking an IP. So we need to know, which part of your website violate to be blocked, example using heavily resources, suspicious behavior, DDOS, etc. A generic answer like that just like a dead end. As I don't have any clues to work on, and this is a first ticket about this issue :slight_frown:.

    also possibly the ability to whitelist your server that may be performing the scans ?
    (i do not even know technically if that makes sense, if its the plugin and not your server performing the scans etc. because it was my ip that got blocked).

    Currently we focus on analyse PHP file only, yes, the other will come soon :slight_smile:

    I'm sorry for the issue again :slight_frown:, I will try my best to fix it ASAP.

    Best regards,
    Hoang

Thank NAME, for their help.

Let NAME know exactly why they deserved these points.

Gift a custom amount of points.