I am looking into logs of my company website where we log client host name and ip address.
I noticed that every time I access the website, in addition to my ip and host name, There are other host names and ip address (baiduspider,googlebot etc.) logged that coincide with same time as my access.
How can they also access website, at the same time as my website access. Do they just monitor the traffic and follow with a copy request, when there is genuine user website access?
Are the crawlers and bots good or bad for the website? Don't they cost bandwidth for the website provider.
Related
I have a Wordpress website (Bitnami) thats hosted in Google Cloud Platform. The IP address is something like: 33.33.33.33. My domain is hosted on Google Domains and has 2 nameservers pointing to Cloudflare. On the Cloudflare DNS settings, I have 2 A records, one is ftp and the other is something like 'mywebsite.com'. I also have a CNAME which is www mywebsite.com.
I am able to hit the full URL of my website but I also notice I can enter the IP address and it also works and loads the website. Is it possible to prevent acccess to 33.33.33.33 and only allow the full URL?
Create VPC Firewall Rules that only allow Cloudflare IP addresses.
Consult this document for the current Cloudflare IP list.
Google Cloud VPC firewall rules overview
Note: Cloudflare does not support FTP, so you must point your DNS resource record for FTP to your server's IP address and not through Cloudflare. I recommend that you do not use FTP. Use SSH/SFTP for file transfers. Configure WordPress so that installing plugins, uploading images, etc do not require FTP. FTP is not encrypted which means your login username and password are sent in the clear.
I am building a web app on a Shared server IP on GoDaddy. The app talks to a real estate API that validates the IP of the requesting server. The issue is that on GoDaddy, our IP is listed as X but it actually switches between X and at least 4 other IPs at different times. So when the IP is something other than X, our requests get turned down by the API. I'm wondering if getting a dedicated server would solve this, or if there's another way to go about this?
It seems you can get a static IP with GoDaddy at an additional monthly cost (see the FAQs for more details): www.godaddy.com/ssl/static-ip.aspx
I am setting up a site using WordPress and buddypress with suffusion theme. All up to date. As per usual I have spammers registering and are banning them as the register. I ban their ip number on the htaccess file.
Then I notice an ip number was actually coming from my hosting company and it so turned out that it is the shared hosting ip number, that my site is on.
So some person is registering, numerous times and the ip number is my shared hosting account ip number. Even thought I banned the number its still registering. I get the ip numbers from wordfence and bp register plugins.
I checked my host web stats on the control panel and it shows 174 vists and 446 hits from that ip number. I have checked the ip number on spam lists sites and it does not appear.
My hosting company, who are normally very good, says,
The IP address: xxxxxxxx is a part of the shared hosting server: (named of host) which your website is hosted on. This is not a bot host or visitor IP address. I assume that either your website has some redirection loop or this is the script a part of your website such as cron script or similar.
There should be no point to block this IP address as this is not an actual visitor on your website.
What does this mean and how do I stop that ip number coming up on some registrations and is my script corrupt.
I don't understand why you think that banning the IP address on your .htaccess file would be the best way to prevent people from registering on your site.
Have you tried using any spam prevention measures besides modding your .htaccess file?
http://premium.wpmudev.org/blog/buddypress-spam/
step 1:
Using IP blocker in cPanel
Most hosting providers also offer the option to block suspicious IP addresses in WordPress. If you prefer this method, you can block suspicious IPs from your hosting account by following these steps:
Log into your hosting account
Go to the cPanel and go to the section called Security.
In this section, there should be an option that allows you to block IPs. On Bluehost, the option is called IP Blocker. Other hosting providers may name it something else.
Step 2:
check your website script maybe these Ip bots are operating from your directory.
check for any malicious code
I have some info at Amazon server, but access to this info can be made just with my website IP. How to redirect users IP into a web site IP when they using a link to the info at my site?
Site hoster is iPage, platform Wordpress.
You can't. If the user makes the request, it will be their computer that makes the connection, thus it will be their IP.
The solution is to not make the user do the request, but to make the request yourself. You fetch the webpage at amazon (using curl, wget, ...) and display the information to the user on your site.
I have a networking question. I've setup my own server. The server is up and running. But I must give people inside my network the server's local IP address for better downspeed, because when my network clients using internet, the server's upspeed is slow.
I think giving ip address to my users is pretty odd and hard to remember. Is there any way to allow a same domain name access the server, where the LAN users access via local ip address (ex: 192.168.1.99) and internet users via a static ip address (ex: 111.111.111.111), but with same domain name?
I've made a flow chart, if you don't fully understand my question.
Users on local network and on the internet type the same domain: example.com
If you can recognise 100%, wheter a user is internal or external (e.g. set up a list with internal user accounts), you can use only the internet site, and redirect internal users to the internal IP address after they logged in. They will use the site thru the internet only before they're not logged in, I think, it's acceptable. Don't forget, when redirecting users from example.com to 192.168.1.99, all the cookies will be "lost", the user's session will be cleared, which thing you have to solve it somehow (say, redirect to the local site with a magic parameter, which re-initializes the session on the 192.168.1.99 server).
It has one withdraw: your users listed as internals can't use the site from other place, say, from home. It can be solved by placing to them (and only to them) a direct link after they logs in ("click here if you're not in the office"), which forces the use of the internet site (example.com), or you can solve it by JavaScript (requesting some data with AJAX from 192.168.1.99, and if it fails, don't redirect the user to 192.168.1.99 - maybe it is a bit more difficult).
Edit, suggested by #glglgl: Check client's IP address to see, wheter the request has been initiated from local network or over internet. (See comments.)