Banned IP is 127.0.0.1

  • Hi
    I have been locked out of my own website because the ‘Limit Login Attempts Reloaded’ plugin logged the attacking address as 127.0.0.1.

    Can the plugin recognize this(127.0.0.1) as a fake IP? Where is the banned IP stored?I presume that I can remove my IP and I should be able to login again.

    By the way, I have whitelisted my own IP and I still got locked out because the attacker was using 127.0.0.1

    I have also noticed that a number of the attacking IP addresses are listed something like 91.210.144.205, 127.0.0.1. How do I blacklist such an address your current format does not recognize such a pattern.

    Thanks

Viewing 4 replies - 1 through 4 (of 4 total)

  • This is happening to us as well. I can’t find much about it but somehow Limit Login Attempts is blocking localhost (127.0.0.1) instead of the attackers’ IP addresses. The result is that whenever someone enters bad credentials, everyone gets kicked out of their account and nobody can log in until the ban expires.

    Are you by chance using Cloudflare or WebARX? I’m wondering if it could be some kind of conflict.

    Edit: According to this thread, it may be a conflict with Cloudflare. I can’t find any good documentation about this though. Is there a way to fix this?

    Edit 2: I did some testing and it seems that you can whitelist 127.0.0.1 to prevent the lockouts, but that also prevents legitimate lockouts as well.

    • This reply was modified 6 years, 3 months ago by pikamander2.
    • This reply was modified 6 years, 3 months ago by pikamander2.
    Plugin Author WPChef

    (@wpchefgadget)

    Hello guys,

    We’re working on this.

    [ Signature deleted ]

    • This reply was modified 6 years, 3 months ago by Jan Dembowski.
    Moderator Jan Dembowski

    (@jdembowski)

    Forum Moderator and Brute Squad

    Side note: Hi WPChef, Thanks for the great support but please lose the signature. That’s prohibited in these forums as it’s been horribly abused in the past by others.

    Regards,
    WPChef Team

    Yes, bad people ruin it for others. Please refrain from that.

    https://www.ads-software.com/support/guidelines/#avoid-signatures

    Plugin Author WPChef

    (@wpchefgadget)

    Hello,

    Jan, got you, sounds good.

    Regarding the issue: it would be really helpful if one of you guys upload a php file on your server and paste a link to the file here. The content of the file should be this:

    <?php

echo 'HTTP_X_FORWARDED_FOR = ' . $_SERVER['HTTP_X_FORWARDED_FOR'] . '<br>';
echo 'HTTP_X_SUCURI_CLIENTIP = ' . $_SERVER['HTTP_X_SUCURI_CLIENTIP'] . '<br>';
echo 'REMOTE_ADDR = ' . $_SERVER['REMOTE_ADDR'] . '<br>';

    It will help us to better understand what’s going on.

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘Banned IP is 127.0.0.1’ is closed to new replies.

Tags