Support » Plugin: Cerber Security & Antispam » incorrect admin IP

  • Resolved taninmajere

    (@taninmajere)


    I was looking for an strange CPU use on my server, I’ve tracked down that WP-Cerber has like 3000+ unwanted access to wp-login with admin user (and some others) but it wasn’t blocking anything. Checking the settings I didn’t see any error but I’ve increased the security (like blocking any non-existent user attempts) and pushed up bans time. After saving the new config, Cerber started to block like 70+ ips but checking the log, I’ve found that one ip (wich was blocked after the new config) succesfully log-in like 2 days ago, stayed logged for like 5 hours and then disconnects. The weird thing its that same logged-in ip didn’t manage to re-log again on the further attempts (due incorrect password I think) and here comes my first question:

    There are false positives on Wp-Cerber?

    After Cerber blocks those ips, I’ve decided to change the admin password (to another 20+ chars like I always do), dashboard forced me to log out to find that wp-cerber doesn’t allow any more logins during the new config timer (360 seconds) wich it was odd but hey, maybe I didn’t read carefully what I was doing.

    I logged to my server via ssh, renamed the wp-cerber folder, logged in again and re-activated the plugin to find that Wp-Cerber was reading my ip incorrectly. It whitelisted one of the attackers ip (wich it was also blacklisted). Checking the log, it was the same ip that succesfully logins 2 days ago. So i deleted the whitelist entry, placed my real ip but now, Cerber dashboard tell me that my ip it’s still the attacker’s ip. I can’t add that ip to the blacklist because it seems that Cerber does not allow to blacklist what it thinks that its your current ip (wich is nice) but I can’t manage to tell Cerber that isn’t my ip.

    Any suggestions to do that?

    Thank you!

    The page I need help with: [log in to see the link]

Viewing 5 replies - 1 through 5 (of 5 total)
  • Plugin Author Gioni

    (@gioni)

    First of all, make sure that Cerber detects IP addresses correctly.

    1. Use this page to get your real IP: http://wpcerber.com/what-is-my-ip/
    2. Make sure that you see the same IP address as it shown on the Access Lists admin page under the label Your IP.

    If you see two different IP addresses, you have to check My site is behind a reverse proxy in the Main Settings of the plugin.

    Hello again, and sorry for the delay.

    I doubled checked and my website isn’t behind any reverse proxy. It’s an VPS I rented months ago and never had this problem with WP Cerber. The problem starts when I deactivated the plugin by renaming the folder and enabling it again. It keeps sayin that my ip its 188.114.110.86 (and never changes) but my real ip is 81.37.69.200

    Plugin Author Gioni

    (@gioni)

    Hi!

    You need to define CERBER_IP_KEY in the wp-config.php file. Please follow the instruction: http://wpcerber.com/wordpress-ip-address-detection/

    Plugin Author Gioni

    (@gioni)

    How is it going?

    Hello! and sorry for the delayed response.

    After defining the KEY, Cerber seems to successfuly detects my ip. I’m on another place and the IP seems to change correctly. After the change, Cerber detects and block a lot of new attacks. Thanks a lot!

Viewing 5 replies - 1 through 5 (of 5 total)
  • You must be logged in to reply to this topic.