Below you may find the description of how graylisting/blacklisting works.
Any supported environment for Imunify360.
By graylisting, it is considered automatically blocking the malicious activity on the server. This is an automatically populated list and nothing can be added there manually.
When a user violates Imunify360 security rules (any brute-force activity, e.g. by trying to enter a wrong password, etc.), Imunify360 will automatically block access for the attacker's IP address, adding it to the Gray List. If, after that, a user tries to access the server via HTTP/HTTPS port, the CAPTCHA challenge will be displayed.
After passing the CAPTCHA correctly, Imunify360 will remove that user from the Graylist.
In a case of repeated violation, the IP address will be automatically added to the Gray List again.
If Captcha is not passed – the IP will get to the Black List.
An administrator can remove any IP address from the Gray List and add it to the White List if needed. In this case, the user will not be blocked when attempting to violate Imunify360 security rules. As for the blacklist, IPs can get there by manual means only unlike the Captcha events.
IPs can be also blacklisted manually unless it is not caused by the failed Captcha challenge. Otherwise, the blacklisting may occur automatically, in case the user's activity falls under our blocking ModSecurity rules.