Quote Originally Posted by HeathenMagic View Post
Not sure if an intermittent glitch, but doing an order for a customer in their account (pay via phone, select cash as method and put through) once logged in it showed the forbidden access screen. I tried my test account and the same thing for that also. Though it was 2 hours after abuseipdb daily limit exhausted. Though doing the same process just now, it is fine. I am guessing it may be AbuseIPDB service may do this due to exhausted access?
I also tried after exhaustion on mobile data, and the same forbidden once logging in. But not logging, it seemed okay.
When the AbuseIPDB daily quota was exhausted, older builds could treat the “-1” score in a way that kept incrementing flood counters on each refresh. That could tip your 2-octet/3-octet thresholds and show the Forbidden page especially right after login.

This is now fixed in v4.0.9:

“-1” (API exhausted) is now treated as safe (like score 0),

flood is seeded once (no per-refresh increments), and

no flood-based blocking occurs while the API is exhausted.

Download and install the updated v4.0.9 module available on GitHub: https://github.com/CcMarc/AbuseIPDB/...PDB_v4.0.9.zip