Multiple Users on VPN with same IP

Resolved donnodllc
(@donnodllc)

2 weeks, 4 days ago

I have a client that uses a VPN to access their site which results in multiple users having the same IP address.

One user was trying to view a page on the site and saw a ‘malicious activity’ message. This particular user does not log into WordPress, but others with the same IP (via VPN) do.

The IP in question is whitelisted in the “Allow list” in the “Block & allow lists” tab of the “Firewall” section.

Does anyone have any advice to prevent this behavior?

Viewing 6 replies - 1 through 6 (of 6 total)

Plugin Support hjogiupdraftplus
(@hjogiupdraftplus)

2 weeks, 4 days ago

Hi @donnodllc

When viewing the site page, does it redirect to 127.0.0.1, showing that address in the browser address bar, or does it display a 403 Forbidden error?

Adding an IP address to the allowlist will whitelist that IP for the firewall rules, so it should not be blocked by a rule causing a 403 Forbidden error.

Is the site in a language other than English and using Unicode characters in the URL?

Other users are not currently experiencing this issue, so it seems less likely that the IP has been permanently blocked. You can check this under AIOS > Dashboard > Permanent Block List. If the IP is blocked there, it will redirect the user to 127.0.0.1.

Regards
Thread Starter donnodllc
(@donnodllc)

2 weeks, 4 days ago
The user didn’t send a full screenshot, so I can’t see the URL/IP address.

The site is in English and the URL is typical.

There wasn’t anything for the IP address of the user other than being in the whitelist input.

This is the message from the screenshot I received, maybe I’m incorrect in assuming this is coming from AIOS?

“WordPress Backup & Security Plugin Firewall
Blocked because of Malicious Activities
Reference ID: 14564791016############”
- This reply was modified 2 weeks, 4 days ago by donnodllc.
Thread Starter donnodllc
(@donnodllc)

2 weeks, 4 days ago

The user didn’t send a full screenshot, so I can’t see the URL/IP address.

The site is English with standard alpha (not even numeric) characters in the URL.

I don’t see the IP address of the user(s) in any other fields within the plugin, just the Whitelist one.

This is the message from the screenshot, maybe this isn’t coming from AIOS?

“WordPress Backup & Security Plugin Firewall
Blocked because of Malicious Activities
Reference ID: 14564791016############”

Plugin Support hjogiupdraftplus
(@hjogiupdraftplus)

2 weeks, 4 days ago

Hi @donnodllc,

The message below does not appear to be from the AIOS plugin; it seems to be from the MalCare plugin. Do you have the MalCare plugin installed?

Blocked because of Malicious Activities

Reference ID:

It is advisable to use only one security-related plugin, otherwise certain functionalities may conflict with each other.

WordPress Backup & Security Plugin Firewall affecting not sure what it is.

Regards

Thread Starter donnodllc
(@donnodllc)

2 weeks, 4 days ago

I saw that same piece of text on a website referencing “MalCare” but that plugin is not installed on the site. There are no other ‘security’ plugins on the site.

There is, however, some hacked together plugin by the hosting provider that says “WordPress Backup & Security Plugin” and references BlogVault (the backup part I’d guess). I’m assuming that’s what’s causing the issue but there is no interface in WordPress for me to do anything about it.

Sorry for barking up the wrong tree and thanks for the responses.

Plugin Support hjogiupdraftplus
(@hjogiupdraftplus)

2 weeks, 3 days ago

Hi @donnodllc,

Ok, it might be that the hosting provider must use plugin for security similar to MalCare.

I am resolving this topic.

Would you mind writing a quick five-star review on wordpress.org?

https://wordpress.org/support/plugin/all-in-one-wp-security-and-firewall/reviews/#new-post

Reviews also help others to make confident decisions about our plugin.

Viewing 6 replies - 1 through 6 (of 6 total)

You must be logged in to reply to this topic.

Tags