• A strange thing happened when I logged into my site.

    I received the usual Wordfence notice that a login took place, but it said that the login was from a different IP than my own and from a different city. Here is a snippet from the message:

    A user with username “XXXXXXX” who has administrator access signed in to your WordPress site.
    User IP: 23.27.44.182
    User hostname: 23.27.44.182
    User location: San Jose, United States

    I’m on the east coast with a different IP. I made a new user account/password and deleted the old one, but I’d like to know what is going on here. I Googled the above IP address and found it was reported as spam. Can anyone shed some light on this?

    Not sure if this has anything to do with it, but I am also experiencing a problem with Outlook… about 30 minutes after I log into Outlook, I get a pop-up dialog box asking me to log in again, but my password does not work. I can only log in again if I reboot. I Googled it and did not find the exact issue, but found it might have something to do with my IP. I did not deal with this yet.


Viewing 6 replies - 1 through 6 (of 6 total)
  • Hi @thinkblissful,

    Can you check if you accessed your website with your phone on mobile data, or with a VPN? It may be possible that you signed in to your WordPress site on another IP address.

    If it is indeed not your IP address, you may want to take the following precautions:

    1. Run a virus scan on your computer
    2. Change your passwords on different websites that were using the same password
    3. Run a scan with Wordfence to see if the attacker installed anything malicious

    It was excellent that you immediately deleted the account when you were suspicious.

    Dave

    Thread Starter Scott’s Money Machines

    (@thinkblissful)

    I now realize that I have a dynamic IP, so the login email address may have been mine. But that does not explain why it showed the wrong location (San Jose). I ran a virus and malware scan as instructed. All my sites use different passwords, so no need to make changes there. I also ran a Wordfence scan and no issues were found. Should I have any further concerns?

    Wordfence uses MaxMind to determine the country/state/city of an IP address.

    https://support.maxmind.com/geoip-faq/geoip2-and-geoip-legacy-databases/how-accurate-are-your-geoip2-and-geoip-legacy-databases/

    According to MaxMind’s FAQ:

    The downloadable databases were 99.8% accurate on a country level, 90% accurate on a state level in the US, and 86% accurate for cities in the US within a 50 kilometer radius.

    I think you should be fine, as you have already deleted your old account, and none of your existing accounts use the same password.

    This is most probably an issue with a wrong GeoIP location database used by Wordfence. Always check the location of any suspicious IP address with multiple IP location databases, such as https://whatismyip.live, https://whatismyip.com, https://iplocation.net, etc.

    Thread Starter Scott’s Money Machines

    (@thinkblissful)

    Thank you all… much appreciated!

    Glad to have helped!

    Dave

  • The topic ‘Strange IP Reported’ is closed to new replies.