WordPress and BuddyPress SPAM prevention - wordpress

I am setting up a site using WordPress and buddypress with suffusion theme. All up to date. As per usual I have spammers registering and am banning them as they register. I ban their ip number on the htaccess file.
Then I notice an ip number was actually coming from my hosting company and it so turned out that it is the shared hosting ip number, that my site is on.
So some person is registering, numerous times and the ip number is my shared hosting account ip number. Even though I banned the number it's still registering. I get the ip numbers from wordfence and bp register plugins.
I checked my host web stats on the control panel and it shows 174 visits and 446 hits from that ip number. I have checked the ip number on spam lists sites and it does not appear.
My hosting company, who are normally very good, says,
The IP address: xxxxxxxx is a part of the shared hosting server: (name of host) which your website is hosted on. This is not a bot host or visitor IP address. I assume that either your website has some redirection loop or this is the script a part of your website such as cron script or similar.
There should be no point to block this IP address as this is not an actual visitor on your website.
What does this mean, and how do I stop that ip number coming up on some registrations? And is my script corrupt?

I don't understand why you think that banning the IP address on your .htaccess file would be the best way to prevent people from registering on your site.
Have you tried using any spam prevention measures besides modding your .htaccess file?
http://premium.wpmudev.org/blog/buddypress-spam/

Step 1:
Using IP blocker in cPanel
Most hosting providers also offer the option to block suspicious IP addresses in WordPress. If you prefer this method, you can block suspicious IPs from your hosting account by following these steps:
Log into your hosting account
Go to the cPanel and go to the section called Security.
In this section, there should be an option that allows you to block IPs. On Bluehost, the option is called IP Blocker. Other hosting providers may name it something else.
Step 2:
Check your website script; maybe these IP bots are operating from your directory.
Check for any malicious code.

Related

How to prevent user access to IP address for a website hosted in GCP?

I have a Wordpress website (Bitnami) that's hosted in Google Cloud Platform. The IP address is something like: 33.33.33.33. My domain is hosted on Google Domains and has 2 nameservers pointing to Cloudflare. On the Cloudflare DNS settings, I have 2 A records, one is ftp and the other is something like 'mywebsite.com'. I also have a CNAME which is www mywebsite.com.
I am able to hit the full URL of my website but I also notice I can enter the IP address and it also works and loads the website. Is it possible to prevent access to 33.33.33.33 and only allow the full URL?
Create VPC Firewall Rules that only allow Cloudflare IP addresses.
Consult this document for the current Cloudflare IP list.
Google Cloud VPC firewall rules overview
Note: Cloudflare does not support FTP, so you must point your DNS resource record for FTP to your server's IP address and not through Cloudflare. I recommend that you do not use FTP. Use SSH/SFTP for file transfers. Configure WordPress so that installing plugins, uploading images, etc do not require FTP. FTP is not encrypted which means your login username and password are sent in the clear.

Can't access some websites using their IP address

I have windows 10.
To get the IP address of some website I type ping somewebsite.com in cmd.
For example if I say ping google.com, cmd shows Pinging google.com [216.58.206.206] with 32 bytes of data: and some lines after that. If I type that IP provided (216.58.206.206), that gets me to Google.
But some websites aren't like this. For example for website codeforces.com I get 213.248.110.126, but this doesn't get me to the website, instead shows some error 404 Not Found .
Why doesn't it work, and what is the best method to get IP addresses of websites in Windows 10?
Thanks.
Some websites cannot be accessed by IP only.
Think for example, a public (free or paid) web hosting, with shared IP. If you don't provide a domain name (FQDN), then the server doesn't know what page needs to be served.
Think also of some "public" services, like Azure DevOps. They provide you a FQDN over a Microsoft domain, but probably each DevOps repository doesn't have its own IP. If you only provide the IP, then the service doesn't know what page you are requesting.
Also, if you enter an HTTPS page, the certificate is securing the domain name, not the IP address. If you try to enter with IP only, your navigator tells you the page is not secure (try it with Google, for example).

What are the potential risks of not using a Web Application Firewall?

I develop and manage a small promotional/marketing website on Wordpress for a startup SaaS product. We're using Cloudflare for DNS and whatnot. Apparently the WAF has been turned on which uses a proxy and changes the user's IP address. I'm trying to use IP address to filter "internal" traffic for Google Analytics and the only way this works is with the WAF turned off. If not using the WAF is going to cause any sort of significant risk for my website, then obviously I'll need another way to do my analytics thing. Reading about what all it provides on their website doesn't make it all that clear to me how important it is for a website like this. If anyone who "gets it" had some insight to share, I'd be most appreciative. thx!
You should definitely use the WAF - it will protect your website from many malicious bots and attacks.
Wordpress sites are particularly juicy targets for attackers, for a number of reasons:
The security of a default Wordpress installation is not great.
Every Wordpress site shares common default features, such as the location of the admin login page, the admin username, and other exploitative resources.
Wordpress is extremely popular, and currently used by an estimated third of all websites on the internet.
Wordpress is used by many, many small businesses and hobbyists who do not know how to secure their site properly.
Ergo, attackers can very easily scour the web for Wordpress websites that are easily hackable. Other nefarious activities are commonly carried out with ease on most Wordpress sites, such as comment spam or Denial of Service attacks.
What protection does the WAF offer?
Cloudflare and most other high quality WAFs can be configured to protect your site by automatically performing actions like:
Blocking known bad IP addresses.
Blocking bad bots which are automatically making requests to your site.
Limiting high numbers of requests from one source in a short amount of time (usually a sign of a DoS attack or scraping).
Blocking requests from particular countries or locations.
There is no reason why you wouldn't want to enable this protection if you have it available to you, and Cloudflare is the industry leader in this area.
Additionally, I would recommend you research how to better secure your Wordpress site in ways other than just the WAF - e.g. The Ultimate WordPress Security Guide
How to solve the IP address issue
Cloudflare is not changing the user's (the client) IP address, but rather acting as a proxy. As you have noticed, the IP address you're seeing is not the client's own, but one of Cloudflare's. This is crucial to how Cloudflare works to protect your site, but this is a common issue when using any kind of proxy.
To get the correct IP address when using a proxy, you need to check the X-FORWARDED-FOR header. You might see this as a string of comma-separated IP addresses, depending on how many proxies the user has gone through before reaching the site. The first one in the list is the original client IP.
e.g. Here 203.0.113.1 is the client's original IP address:
X-Forwarded-For: 203.0.113.1,198.51.100.101,198.51.100.102
Documentation: How does Cloudflare handle HTTP Request headers?
Anyway, it's good to use a function which can comprehensively check headers and give you the best match for the original client IP, regardless of whether the user is behind a proxy or not, so that you can guarantee it always works.
Here's a very popular StackOverflow question about this:
What is the most accurate way to retrieve a user's correct IP address in PHP?
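An added example, not part of the original answer: X-Forwarded-For is only meaningful when the connection actually came from a proxy you trust, because a client that connects directly can put any value in it. The PHP below ignores the header for untrusted peers and otherwise walks the list from the right, skipping trusted proxy hops; the function names and the trusted range 198.51.100.0/24 are assumptions for illustration.

```php
<?php
// Added example. TRUSTED_PROXIES is a constructed documentation range standing in
// for your proxy's published address list (an assumption, not from the page).
const TRUSTED_PROXIES = ['198.51.100.0/24'];

function ip_bits(string $ip): ?string
{
    $bin = @inet_pton($ip);               // handles IPv4 and IPv6
    if ($bin === false) {
        return null;
    }
    return implode('', array_map(fn($c) => sprintf('%08b', ord($c)), str_split($bin)));
}

function is_trusted_proxy(string $ip): bool
{
    $addr = ip_bits($ip);
    foreach (TRUSTED_PROXIES as $cidr) {
        [$net, $len] = explode('/', $cidr, 2);
        $netBits = ip_bits($net);
        if ($addr !== null && $netBits !== null && strlen($addr) === strlen($netBits)
            && strncmp($addr, $netBits, (int) $len) === 0) {
            return true;                  // same address family, same network prefix
        }
    }
    return false;
}

function client_ip(string $peer, ?string $xff): string
{
    if ($xff === null || !is_trusted_proxy($peer)) {
        return $peer; // direct connection: the header is whatever the sender typed
    }
    foreach (array_reverse(array_map('trim', explode(',', $xff))) as $hop) {
        if (filter_var($hop, FILTER_VALIDATE_IP) === false) {
            break;    // malformed entry: fall back to the peer address
        }
        if (!is_trusted_proxy($hop)) {
            return $hop; // first address, from the right, not added by our proxies
        }
    }
    return $peer;
}

// Constructed inputs: the header from the answer above, then one sent by a direct client.
echo client_ip('198.51.100.103', '203.0.113.1,198.51.100.101,198.51.100.102'), "\n";
echo client_ip('192.0.2.77', '203.0.113.1'), "\n";
```

In WordPress the two arguments would come from `$_SERVER['REMOTE_ADDR']` and `$_SERVER['HTTP_X_FORWARDED_FOR'] ?? null`.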

How does google web bots/crawlers work

I am looking into logs of my company website where we log client host name and ip address.
I noticed that every time I access the website, in addition to my ip and host name, there are other host names and ip addresses (baiduspider, googlebot etc.) logged that coincide with the same time as my access.
How can they also access the website at the same time as my website access? Do they just monitor the traffic and follow with a copy request, when there is genuine user website access?
Are the crawlers and bots good or bad for the website? Don't they cost bandwidth for the website provider?

Users access same domain name, but LAN users point to local IP rather than internet IP

I have a networking question. I've setup my own server. The server is up and running. But I must give people inside my network the server's local IP address for better downspeed, because when my network clients using internet, the server's upspeed is slow.
I think giving ip address to my users is pretty odd and hard to remember. Is there any way to allow a same domain name access the server, where the LAN users access via local ip address (ex: 192.168.1.99) and internet users via a static ip address (ex: 111.111.111.111), but with same domain name?
I've made a flow chart, if you don't fully understand my question.
Users on local network and on the internet type the same domain: example.com
If you can recognise 100% whether a user is internal or external (e.g. set up a list with internal user accounts), you can use only the internet site, and redirect internal users to the internal IP address after they have logged in. They will use the site through the internet only before they're logged in, which I think is acceptable. Don't forget, when redirecting users from example.com to 192.168.1.99, all the cookies will be "lost" and the user's session will be cleared, which you have to solve somehow (say, redirect to the local site with a magic parameter, which re-initializes the session on the 192.168.1.99 server).
It has one drawback: your users listed as internal can't use the site from another place, say, from home. It can be solved by showing them (and only them) a direct link after they log in ("click here if you're not in the office"), which forces the use of the internet site (example.com), or you can solve it with JavaScript (requesting some data with AJAX from 192.168.1.99, and if it fails, don't redirect the user to 192.168.1.99 - maybe it is a bit more difficult).
Edit, suggested by #glglgl: Check the client's IP address to see whether the request has been initiated from the local network or over the internet. (See comments.)
