discussion Add-Ons[XTR] IP Threat Monitor

[XenTR]

Hi,

The issue was that when you upgraded to 1.0.16, the database upgrade step didn't run properly. Version 1.0.17 includes a fix that will automatically add the missing column when you upgrade.

Thanks,

 

[Official]

A new update is available for [XTR] IP Threat Monitor by Offical.

[XTR] IP Threat Monitor 1.0.18​

Update highlights​

This release contains a critical fix for ProxyCheck.io API integration.

Fixed Issue:
Resolved an issue where VPN/Proxy checks stopped working when ProxyCheck.io "burst mode" (extra credit usage) was active.

Affected Users:
All users utilizing ProxyCheck.io API for VPN/Proxy detection with burst token feature enabled.

Symptoms:

• IPs were not being added to blacklist when burst token limit was reached
• Add-on was not processing responses even though the API was still working
• Cache clearing or reinstallation did not resolve the issue

Complete Change Log​

Added ProxyCheck.io API "burst mode" support

• API responses with "warning" status are now accepted
• Added handling for "denied" status when burst tokens are exhausted
• Added proper handling for HTTP 401/403 error codes
• Added error message detection for "burst" and "exhausted" keywords

Technical Detail
ProxyCheck.io returns status: "warning" when the daily limit is exceeded and a burst token is consumed. Previous versions only accepted "ok" status, which caused VPN/Proxy checks to stop working during burst mode.


Read more about this product...

 

[Official]

A new update is available for [XTR] IP Threat Monitor by Offical.

[XTR] IP Threat Monitor 1.0.19​

Update highlights​

This update includes a critical performance patch, especially for forums with high traffic and tens of thousands of IP log records stored in the database.

In previous versions, loading all data into server memory (RAM) to generate charts on the Dashboard and Analytics pages could cause memory limit exhaustion (Fatal Error) in some cases. With version 1.0.19, this process has been optimized by offloading the workload to the database engine. This ensures your Dashboard page loads fast and without errors, even with millions of log records.

Complete Change Log​

• Fixed "Allowed memory size exhausted" error when accessing Dashboard and Analytics pages on databases with large amounts of records.
• Chart and statistics data processing has been switched to SQL-based aggregation to prevent PHP memory exhaustion.
• Performance improvements made to statistical queries.

Read more about this product...

 

[Dannymh]

Hi,

I am getting constant error log spam

Dear Guests, welcome! Please, Log in or Register to view hide content!

 

[Dannymh]

Also getting

Dear Guests, welcome! Please, Log in or Register to view hide content!

Dear Guests, welcome! Please, Log in or Register to view hide content!

 

[Official]

A new update is available for [XTR] IP Threat Monitor by Offical.

[XTR] IP Threat Monitor 1.0.20​

Update highlights​

This update resolves two critical issues frequently appearing in Server Error Logs.

1. SimpleCache Size Limit Issue: XenForo's default caching mechanism (SimpleCache) stores data in the database with a specific size limit. When combined with data from other installed add-ons, the Cloudflare IP list could exceed this limit, triggering "Data too long" errors. Cloudflare IP data is now securely stored in your server's file system (`internal_data` folder).
2. Entity Getter Error: In some cases, an "Accessed unknown getter" error was resolved when updating user country information.

Complete Change Log​

• Fixed "Data too long for column 'data_value'" database error occurring when caching the Cloudflare IP list.
• Migrated Cloudflare IP caching mechanism from database (SimpleCache) to file-based system (File System).
• Fixed "Accessed unknown getter 'xentr_ipt_country'" error when updating user country information.

Read more about this product...

 

[Dannymh]

Still getting the below error sporadically

Dear Guests, welcome! Please, Log in or Register to view hide content!

 

[Official]

A new update is available for [XTR] IP Threat Monitor by Offical.

[XTR] IP Threat Monitor 1.0.21​

Update highlights​

Critical Fixes & Improvements

This update introduces a major architectural change to the caching mechanism, migrating from database-based storage to a dedicated file-based system to permanently resolve database size limits.

Complete Change Log​

• Fixed: Resolved the critical "MySQL Data too long" error caused by large IP lists exceeding database capacity.
• Fixed: Database performance issues caused by frequent updates from the Rate Limiter and IP services.
• Changed: The caching system has been completely rebuilt to use file-based storage instead of the database, ensuring zero database load for large datasets.
• Improvement: Optimized cache cleaning processes for better stability.

Read more about this product...

 

[XenTR]

Hello,

We have completed our investigation regarding the database error ("Data too long for column") you reported and have released update v1.0.21, which permanently resolves this issue.

Cause of the Issue: Large IP datasets (such as Apple Private Relay and Cloudflare lists) were occasionally exceeding the database column limits.

The Solution: With this update, we have completely refactored the caching architecture. Instead of storing these large datasets in the database, we have migrated to a file-based caching system, adhering to XenForo's best performance practices. This architectural change eliminates any risk of hitting database size limits.

Please update the add-on to version 1.0.21 to fully resolve the issue.

Thank you for your feedback and patience.

 

[Mike1706]

Since version 1.0.20, I've been experiencing an issue where I can't switch tabs in the admin settings when I click on them. I just discovered, after translating the phrases into German, that this only happens in the German language. Do you have any suggestions on where I might be looking for the correct phrases to check if I've entered something incorrectly? Oddly enough, it worked fine up until version 1.0.19 (in German). And the phrases haven't been changed since then, have they?

is working....

cannot switch through the tabs...

Ahhh forgot. If I use the settings switch from the add-on menu (german language is selected) is works, too.

It's only if I try to use it from the list onj the left (settings)

 

[Dannymh]

1.21 crashed my site, exhausted the memory usage on my site through NGINX which had to shut itself down because of this. When I disable the addon it stops doing this, though its very hard to catch the site in a moment where I can switch it off because of NGINX being down. This also crashes my connection via SSH.

Additional Request: Ability to turn of the alert that goes out to staff, there is a fair bit of alert SPAM going on for me. Also I am getting a lot of blacklisted IP's however I am still getting smashed with malicious traffic and most of it bot traffic

 

[Official]

A new update is available for [XTR] IP Threat Monitor by Offical.

[XTR] IP Threat Monitor 1.0.22​

Update highlights​

This update brings critical improvements regarding stability and performance. We have optimized processes that could impact server load during high-traffic attacks and resolved issues related to the installation/uninstallation process.

Highlights:

• Smarter & Faster: The blocking mechanism now operates in a non-blocking mode, ensuring server resources are used much more efficiently without causing delays.
• Better Management: Admin alert notifications sent during attacks can now be disabled via options.
• Robust Installation: The updater now includes a self-healing feature that automatically repairs missing or corrupted database tables during the upgrade.

Complete Change Log​

• Rewrote the file locking mechanism to use Non-blocking I/O. This prevents server hangs/lag during heavy DDOS attacks or high traffic.
• Added a new option to disable admin alert notifications to prevent inbox flooding during attacks.
• Fixed a fatal error that could occur when uninstalling the add-on.
• Fixed an issue where saving settings (Blocked ASNs, Countries, etc.) would fail with invalid input. Invalid entries are now gracefully stripped.
• Added automatic database schema repair logic during upgrade. If tables or columns are missing, they will be recreated automatically.
• Fixed a character encoding issue affecting the German language pack.

Read more about this product...

 

[Mike1706]

Hi Osman

So far I see, the issue is still present (no Tab switching with german language activated).

However, I can live with switching to English at short notice if necessary.

But I want to give you a feedback!

Greetz

Mike

 

[XenTR]

Hi Mike, thank you for the feedback.

The 'Tab switching' issue you mentioned is not a bug in the add-on's code itself, but rather a syntax error within the German language pack being used. Most likely, one of the translated phrases contains an unescaped quote or a broken HTML tag. This breaks the page's JavaScript execution, preventing the tabs from functioning.

 

[Mike1706]

Hi Osman..

That's what I first thought, too.

I'm especially aware that the source of the problem is usually the user sitting right in front of the monitor!
I'll take a look at them in the next few days and compare.

Thanks a lot, Osman!

 

[Official]

A new update is available for [XTR] IP Threat Monitor by Offical.

[XTR] IP Threat Monitor 1.0.23​

Update highlights​

This maintenance and feature update addresses specific customer feedback regarding immediate blocking and statistics accuracy.

• Instant Country/ASN Blocking (Force Check): We've introduced a new option: "Force API Check for Block Lists". Previously, the system might not immediately check visitors if they weren't suspicious, meaning someone from a blocked country could browse as a guest. With this new option enabled, every new visitor is checked against the API immediately. If they match your Blocked Country or ASN list, they are blocked on their very first request. (Note: Enabling this will increase API usage).
• Dashboard Statistics Fix: The "Top Threat Countries" widget was previously counting all visitors. It has been updated to count only Blocked and Blacklisted IPs, providing a true picture of your threat landscape.
• Critical Stability Fix: Fixed a server-side error related to caching logic that could occur during API communication.
• Usability:
  • Comments in your ASN Block list are now preserved correctly.
  • Fixed missing country flags in the IP Log list (flags will appear as new data is populated via Force Check).

Complete Change Log​

• Feature:Added Force API Check for Block Lists option. Ensure immediate blocking of visitors from banned Countries/ASNs by forcing an API lookup on their first visit, regardless of the VPN check mode.
• Bug Fix: Addressed a logical issue in "Top Threat Countries" dashboard stats where legitimate visitors were incorrectly included in the count. It now strictly reflects Blocked and Blacklisted IPs.
• Bug Fix: Fixed a critical "Call to a member function setValue() on null" error in IPThreatLog repository which could crash the system during API health checks or flag retrieval.
• Bug Fix:Resolved an issue where comments in the Blocked ASN list (text after #) were being stripped upon save.
• Visual: Fixed missing country flags in the admin dashboard IP list by ensuring country data is properly populated via the new Force Check mechanism.

Read more about this product...

 

[Official]

A new update is available for [XTR] IP Threat Monitor by Offical.

[XTR] IP Threat Monitor 1.0.24​

Update highlights​

This update addresses a critical memory exhaustion error caused by the excessive growth of Apple's iCloud Private Relay IP list.

What Was the Problem?​

Apple's official Private Relay IP list (

Dear Guests, welcome! Please, Log in or Register to view hide content!

) has grown to approximately 287,000 entries. The previous version loaded this entire list into memory at once, causing:

• On high-traffic sites
• With 256 MB or lower PHP memory limits
• During cache-cold moments (after server restart)

The error "Fatal Error: Allowed memory size exhausted" to occur.

What Changed?​

1. Smart Streaming: The IP list is now read in 4KB chunks instead of being loaded entirely into memory.
2. IPv6 Optimization: 245,000 IPv6 addresses are now deduplicated into unique /48 prefixes (~25,000).
3. Lock Mechanism: Prevents multiple concurrent requests from hitting the Apple API simultaneously.

Results​

Metric	Before	After
Memory Increase	32+ MB	0 MB
List Size	287,000	27,000

Update Recommendation​

All users who have enabled Apple Private Relay exemption are strongly encouraged to update to this version.

After updating, toggling the "Allow iCloud Private Relay" option off and on in the add-on settings will regenerate the cache.

Complete Change Log​

Bug Fixes

• Fixed Apple Private Relay memory exhaustion error
  Apple's iCloud Private Relay IP list has grown to ~287,000 entries, causing "Allowed memory size exhausted" errors on high-traffic sites.
• Implemented stream-based CSV parsing
  Instead of loading the entire IP list into memory at once, the file is now read line-by-line in 4KB chunks.
• Added IPv6 prefix deduplication
  245,000+ IPv6 /64 entries are now aggregated into ~25,000 unique /48 prefixes.
• Added IPv4 CIDR filtering
  Only /28 and larger subnets are retained, eliminating unnecessary granular entries.
• Added thundering herd protection (Lock mechanism)
  Prevents concurrent requests from simultaneously hitting the Apple API when cache is empty.

Performance Improvements

• Memory usage: 100% reduction (32 MB → 0 B increase)
• List size: 90% reduction (287K → 27K entries)
• Cache file: 85% smaller (~15 MB → ~2 MB)

Read more about this product...

 

[TBolley]

is there any way to block proxy, VPN or Tor for selected usergroups ? To force users to use their real IP address.

 

[Official]

A new update is available for [XTR] IP Threat Monitor by Offical.

Dear Guests, welcome! Please, Log in or Register to view hide content!

[XTR] IP Threat Monitor 1.0.25​

Update highlights​

With this release, we have completely overhauled the infrastructure and are excited to announce Local MaxMind GeoIP2 Integration, eliminating the dependency on external APIs!

Key Features

• MaxMind GeoIP2 Integration (NEW):You are no longer dependent on external services or limited APIs (like proxycheck.io) for IP country lookups!
  • Unlimited and lightning-fast lookups using a local database hosted on your server.
  • New Scheduled Task (Cron job) to automatically update the GeoIP database.
  • Analyze your traffic without worrying about API limits.
• Smart Setup Wizard (NEW):No need to struggle with complex settings. Configure the add-on with a single click using our new wizard:
  • Starter: Logging only, no blocking.
  • Standard: Balanced protection, shows Captcha for suspicious activity.
  • Aggressive: High security, ideal if you are under attack.
  
  After updating, it is recommended to manually run the "XENTR: Update GeoIP Database" task once from Admin Log > Tools > Cron entries.

Complete Change Log​

• [NEW] Integrated MaxMind GeoIP2 library. Country lookups are now performed via a local database.
• [NEW] Added a Setup Wizard with 3 pre-defined protection profiles (Starter, Standard, Aggressive).
• [NEW] Added a Cron Job system to automatically download and update the GeoIP database.
• [NEW] Added "Composer Autoload" support (Essential for loading Vendor libraries correctly).
• [IMPROVEMENT] Reduced dependency on 3rd party APIs, resulting in significant performance gains.
• [FIX] Resolved GeoIP class loading issues on certain server configurations.

Read more about this product...

 

[Official]

A new update is available for [XTR] IP Threat Monitor by Offical.

[XTR] IP Threat Monitor 1.0.26​

Update highlights​

This update contains a critical performance patch, especially for forums with high traffic and hundreds of thousands of "Blacklisted" records in their database.

Highlights:

• Blazing Fast Queries: The IP check mechanism, which could previously lock up the server, now responds in milliseconds even with millions of records in the database.
• Database Hygiene: You can now automatically prune blacklisted IP records older than a specified number of days (e.g., 30 days). This feature smartly deletes only unnecessary data without touching active bans or the whitelist.

We strongly recommend all customers upgrade to this version.

Complete Change Log​

• New: Completely rewrote the Blacklist query architecture to fix slowness on large databases (O(1) Optimization).
• New: Added "Blacklisted IP Retention" (Auto-Prune) option to prevent database bloating.
• Improvement: Integrated the new retention setting into Setup Wizard profiles.
• Improvement: Added database retention check to the Test Configuration tool.
• Fix: Added missing phrases.

Read more about this product...