Add-Ons [XTR] IP Threat Monitor 1.0.6

[Offical]

A new update is available for [XTR] IP Threat Monitor by Offical.

[XTR] IP Threat Monitor 1.0.6​

Update highlights​

This update introduces full support for Apple's iCloud Private Relay. A new option "Allow iCloud Private Relay" has been added (enabled by default) which ensures that users browsing via iCloud Private Relay are not mistaken for VPN/Proxy abusers. This allows you to keep strict VPN protection enabled (e.g., "First Visit" mode) without blocking legitimate Apple users.

Complete Change Log​

New

• Added "Allow iCloud Private Relay" option to prevent false positives.
• Exempts legitimate Apple iCloud Private Relay traffic from VPN/Proxy blocks.

Read more about this product...

 

[Mike1706]

Hello!

Like your Add-On very much!

I have the feeling that IP logging has stopped working in my environment since version 1.0.4. Specifically, no attempts are being recorded anymore. The same result occurs with versions 1.0.5 and 1.0.6. With version 1.0.3, everything was logged, and I was also notified of attacks. I have XenForo v2.37 installed.

Till today 02:41 am I run the downgrade to v1.0.3. Updated to v1.0.6 in the hope that this is fixed.

ScreenShot:

Dear Guests, welcome! Please, Giriş Yap or Kayıt Ol to view hide content!

 

[XenTR]

In v1.0.3, was your VPN Detection enabled or disabled? Also, what is your current VPN Check Mode setting in v1.0.6

 

[Mike1706]

Dear Guests, welcome! Please, Giriş Yap or Kayıt Ol to view hide content!

Hello

Was enabled in all versions. And the current VPN Check Mode was and is in moderate mode.

Never changed it in all versions. ProxyCheck.io key is inserted and working. BTW: same result in v1.0.7 !

Dear Guests, welcome! Please, Giriş Yap or Kayıt Ol to view hide content!

I'm going to delete everything now, restart my server, and set it up again. I'll get back to you with feedback.

Mike

 

[Mike1706]

Got two entries the whole afternoon. Both are IPv6.

With v1.0.3 I got the first 24 hours about 1500 (IPv4 and IPv6).

Strange...

 

[XenTR]

Dear Guests, welcome! Please, Giriş Yap or Kayıt Ol to view hide content!

Hello,

This change is actually intentional and part of the new Performance Optimization system introduced in the latest versions.

In older versions (like v1.0.3), the add-on was logging every single request, including static files like

css.php, js.php, and backend tasks. This meant a single page view could generate 20-30 log entries, causing unnecessary database bloat and "fake" high traffic numbers.

In the new version:

1. Noise Filtering: We now automatically exclude static files (CSS, JS, Fonts) and internal system calls. We only log actual page views and interactions.
2. Smart Caching: Safe and known IPs are cached in memory to reduce database write operations.
3. IPv6 vs IPv4: You likely see IPv6 entries because they might be rotating more frequently or are not yet cached, whereas your IPv4 traffic (like your own IP) is likely whitelisted or cached as "Safe".

In short: The drop from 1500 to a few entries means the add-on is now working much more efficiently, logging only actual visits and potential threats, rather than spamming your database with static file requests.

 

[Mike1706]

Dear Guests, welcome! Please, Giriş Yap or Kayıt Ol to view hide content!

Ah understand!

Thank you very much for your detailed explanation!

But one question to this: Maybe I repeat myself...

Topic blacklistening IP's (IPv4 mostly).

So only really attacks will be blocked now? Not unwanted visitors (ex. from the far east (Vietnam, China, etc.)?

Mike

 

[XenTR]

Let me clarify the two different protection layers:

1. Reactive Protection (Rate Limiting): This is what I explained before. If a legitimate-looking user starts attacking or refreshing pages too fast, they get blocked.
2. Proactive Protection (Immediate Block): This does NOT wait for an attack. It blocks unwanted visitors immediately on their first visit if they match your block rules.

To answer your question directly: If you have enabled VPN/Proxy Detection or the new ASN Blocking, unwanted visitors (e.g., from specific regions using proxies or hosted on server farms like Alibaba/Tencent) are blocked immediately, even if they visit just once.

So, you are protected against both:

• Attacks: Blocked by Rate Limiter.
• Unwanted Visitors: Blocked by VPN/ASN filters (without needing to attack first).