• Resolved Octave Doctor

    (@octavedoctor)


    This morning I was blocked from my site (the frontend as well as the admin panel) when I went to investigate why it was down (I had received a notification from Jetpack plugin that my site was offline). Actually, the page that came up said that my access to the site had been limited. I tried using the unblock email, which did allow me to the login page. But after entering my credentials it just took me right back to the block page. I was forced to disable Wordfence via SFTP. The reason for the block or limiting was “Blocked by login security setting”.

    I followed the advice in Wordfence documentation to enable the Wordfence Assistant and then disable the firewall and reactivate Wordfence. Once I had Wordfence reactivated I took a look at my live traffic logs, and I believe I’ve found the cause of the trouble but I’m not sure the best way to resolve it. I currently use the free version of Cloudflare CDN, and all traffic to my site is being routed through Cloudflare including my own. When I run “whois” on the live traffic hits, they all return “Cloudflare” as the NetName and OrgName.

    The problem with this is that, for some time now, I have been experiencing a large number of brute force attacks using invalid usernames. I have Wordfence set up to block all such attempts as at the moment there are no other users. Because all IP addresses are appearing to come from the same place (Cloudflare), my own as well as the hacker’s, I was blocked from my site. I could even see on the live traffic list where a hacker was routed on the same exact IP address as me.

    Currently Wordfence is set to the default “Let Wordfence use the most secure method to get visitor IP addresses. Prevents spoofing and works with most sites.” Which obviously is not the right setup for my site. I think that using “X-Forwarded-For HTTP header” or “X-Real-IP HTTP header” would be better, but I don’t know which one I should use or if it even makes a difference. In addition to the Cloudflare free CDN, my hosting provider uses Varnish reverse proxy cache, if that makes a difference here.

Viewing 4 replies - 1 through 4 (of 4 total)
  • Hey @octavedoctor,

    I believe you’re correct in the assumption that Wordfence isn’t currently able to detect the right IPs. Can you try switching to CF-Connecting-IP HTTP header to see if it can get the correct IPs?

    Please let me know how it goes.

    Thanks,

    Gerroald

    Thread Starter Octave Doctor

    (@octavedoctor)

    Hi @wfgerald ,

    I actually spent some time this morning with the different settings. I tried X-Forwarded-For, X-Real-IP HTTP, and CF-Connecting-IP. They all returned the exact same IPs as the original default setting, all of which pointed to Cloudflare.

    Until this I was considering purchasing the premium Wordfence, but I can’t risk being locked out of my own site again. I have actually just now removed Wordfence and chosen a different paid security plugin which does not have any trouble determining IPs.

    Thanks,
    OD

    @od Can you please send an email to wftest [at] wordfence [dot] com? I need to ask some specific questions to troubleshoot this further. Make sure and include a link to this post in the message body and your forum username in the subject line. If you could also send a diagnostics report to the same address that would be awesome.

    Tim

    Hey @octavedoctor,

    We haven’t heard back from you in a while, so I’ve gone ahead and marked this thread as resolved.

    Please feel free to open another thread if you’re still having issues with Wordfence.

    Thanks,

    Gerroald

  • The topic ‘Determining IP address’ is closed to new replies.
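
The question running through this thread is which address a login-protection rule should key on when a CDN and a reverse proxy cache both sit in front of the site. The Python function below is an added example, not Wordfence's code and not posted by anyone in the thread; it believes forwarding headers only when the connection comes from a listed proxy. The function name, the two range lists, and all addresses are constructed placeholders (documentation and private ranges), not real Cloudflare or host ranges.

```python
import ipaddress

# Constructed placeholder ranges (RFC 5737 / RFC 1918), not real CDN ranges.
CDN_EDGE = ["203.0.113.0/24"]   # stands in for the CDN's published edge ranges
LOCAL_CACHE = ["10.0.0.0/8"]    # stands in for the host's reverse proxy cache


def _trusted(addr, cidrs):
    return any(addr in ipaddress.ip_network(c) for c in cidrs)


def _parse(text):
    try:
        return ipaddress.ip_address(text.strip())
    except ValueError:
        return None


def client_ip(peer, headers, trusted=CDN_EDGE + LOCAL_CACHE):
    """Return the address that blocking and rate limiting should key on.

    peer    -- TCP peer address as seen by the web server
    headers -- request headers with lower-cased names
    trusted -- CIDRs of proxies whose forwarding headers are believed
    """
    hop = _parse(peer)
    if hop is None or not _trusted(hop, trusted):
        return peer  # direct connection: forwarding headers are client-supplied
    # Each X-Forwarded-For entry was appended by the hop to its right, so walk
    # right to left and stop at the first address that is not a trusted proxy.
    entries = [e for e in headers.get("x-forwarded-for", "").split(",") if e.strip()]
    for entry in reversed(entries):
        addr = _parse(entry)
        if addr is None:
            break  # malformed entry: keep the last address we could vouch for
        if not _trusted(addr, trusted):
            return str(addr)
        hop = addr
    # Only trusted proxies were seen. CF-Connecting-IP is believed only when
    # the innermost vouched-for hop is a CDN edge.
    cf = _parse(headers.get("cf-connecting-ip", ""))
    if cf is not None and _trusted(hop, CDN_EDGE):
        return str(cf)
    return str(hop)
```

If the cache's range is left out of `trusted`, every request resolves to the cache's own address, so a site owner and a brute-force source end up sharing one block entry.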