How to Use Security FireWall Log

 

1. First go to your Security Dashboard. Choose "Site Security" in the "Services" menu:

CleanTalk Site Security Service Dashboard

 

2. Then go to your Security FireWall Log:

CleanTalk Site Security FireWall log

 

3. You are on the Security FireWall Log page now:

CleanTalk Site Security FireWall log

 

 1. Export logs button. You can export your logs to an CSV file.

 2. Filters section.

     A - The time period for all records you want to see.

     B - Website for which you want to see the security firewall records.

           Leave the field empty to see the security firewall records for all websites.

     C - Searching records by an IP address.

     D - Searching records by a country.

     E - Searching records by the filtration result (Allow/Deny).

     F - Searching records by a User-Agent. Works with partial words too.

User-Agent search security firewall log

3. Date when the event happened.

4. Website where the event happened.

5. Request's URL.

6. Visitor's IP information.

7. What country that IP belongs to.

8. The number of events that happened.

  • Deny - А visitor’s IP address is blacklisted by common CleanTalk list or by the personal blacklists of your website.
  • Deny by network - А visitor’s IP address belongs to a subnet of high spam activity, or to a subnet that cannot have IP addresses of real human visitors.
  • Deny by DDoS - DoS activity detected from the visitor's IP address. Visitor exceeded the number of allowed requests set by Traffic control.
  • Deny by WAF - Malicious code has been detected in the GET-requests to your website (XSS attack), injection of malicious SQL requests to your website has been detected (SQL-injection attack), exploit detected, malicious files upload detected.
  • Attacks to hack admin access - brute-force on login page detected.
  • Denied by WAF Blocker for 24 hours - Several attempts at malicious activity.
  • BlackListed by hacking attempts - hacking attempts detected.
  • BlackListed by suspicious activity - suspicious activity detected. 
  • Allowed - Passed by common lists.
  • Allowed by trusted network - Passed by trusted lists.
  • Allowed by whitelist - Passed by personal lists. Whitelisted.

You can add IP to your personal Security list by pressing the "To Personal black & white lists".

 

 

If you haven't found the answer to your question, please, contact our support team:

https://cleantalk.org/my/support/open

 

 

Was this information helpful?

It would also be interesting

Copied to clipboard