Hi, just to confirm with you. Are both entries in the server and plugin logs referring to the same incident?
In your plugin:
172.16.105.* 2017-07-05 10:18:46 (I removed the UserId and Username that was used)
The Apache Log shows the following:
83.209.xxx.xxx – – [05/Jul/2017:10:18:44 +0200] “GET /wp-login.php HTTP/1.1” 200 4069
83.209.xxx.xxx – – [05/Jul/2017:10:18:45 +0200] “POST /wp-login.php HTTP/1.1” 200 4218
There were only two other entries at that day on that blog. But the time between were ~8 hours before and 11 hours later. The Apache log also has no other entries than these three.
Thank you for reporting the extra information. The plugin developers will investigate further your question.
Kind regards
Hi @sjakubinek,
The way in which the aiowps plugin retrieves the IP address is via the following function:
static function get_user_ip_address()
{
foreach (array('HTTP_CF_CONNECTING_IP', 'HTTP_CLIENT_IP', 'HTTP_X_FORWARDED_FOR', 'HTTP_X_FORWARDED', 'HTTP_X_CLUSTER_CLIENT_IP', 'HTTP_FORWARDED_FOR', 'HTTP_FORWARDED', 'REMOTE_ADDR') as $key){
if (array_key_exists($key, $_SERVER) === true){
foreach (explode(',', $_SERVER[$key]) as $ip){
$userIP = trim($ip);
if (filter_var($userIP, FILTER_VALIDATE_IP) !== false){
return $userIP;
}
}
}
}
return ''; //if we get this far we have an invalid address - return empty string
}
I’m not 100% sure why for your setup you are seeing different IP addresses. It is probably due to your site hosting setup. Have you asked your host tech support guys? (show them the aiowps function so they know how this plugin tries to obtain an IP and maybe they will have an explanation)
Hi!
Thx for your reply. Well, I’m the “host tech support guys” as it’s my own server 😉
Pls correct me if I’m wrong, it’s been a long time I did PHP. Your function is looking for an IP with different methods.
Let’s say a user is using a proxy with a fake XFF and therefore smth like 192.168.1.102. The first two results before “HTTP_X_FORWARDED_FOR” didn’t end up in a valid result. Then your foreach will return 192.168.1.102 as it is valid for “FILTER_VALIDATE_IP” and stops looking for the other keys. While AFAIK Apache is using “REMOTE_ADDR” for its logfiles.
Regards