IP address being spoofed?

  • Resolved sagency

    (@sdagency)


    1 year, 4 months ago

    Have a client who is getting the lockout screen. Upon looking at his logs I see the hacker(s) using his legit IP address and his username, mine and othe non-existent names. Is there anything than can be done to keep the client from being blocked or banned if a hacker is spoofing his IP? Not even sure how they would get his IP in the first place.

    Attaching screenshot below and the settings are…

    How does Wordfence get IPs:
    Let Wordfence use the most secure method to get visitor IP addresses. Prevents spoofing and works with most sites. (Recommended)

    When I geolocate the IP address it looks like it possibly could be for Google servers used by his host. Is it possible Wordfence is interpreting all logins from the same IP as the server and not the user?

    Thanks.

    View post on imgur.com
    • This topic was modified 1 year, 4 months ago by sagency.
    • This topic was modified 1 year, 4 months ago by sagency.
Viewing 2 replies - 1 through 2 (of 2 total)
  • Thread Starter sagency

    (@sdagency)

    SOLVED. This is specific to Siteground who has been moving all client sites to new Google servers. For some reason during this transition all WP users were interpreted from the same server address. This means if a hacker used a fake username (or even a legit one) once they failed with the password it would block EVERYONE because everyone was recognized from that IP.

    Once we updated the A record to the new server for the website Wordfence then showed unique geolocations for each login attempt.

    Good to know!

    Thank you, @sdagency ! That seems to be my problem, as well. I forgot about SiteGround’s warnings about this. Just updated DNS; expecting the problem to go away soon.

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘IP address being spoofed?’ is closed to new replies.