Name Server IP Blocked | Help Appreciated

  • Resolved jetxpert

    (@jetxpert)


    2 years, 7 months ago

    Good Day!

    Issue:

    For some odd reason, Wordfence detected our Name Server IP (not Site IP), blocked it, and now displays it in Wordfence’s Widget (“Top 5 IPs Blocked”).

    Details: https://ibb.co/2Kz6wJs

    When the above happened, Wordfence was in learning mode. Also, our IP detection option was set to “Let Wordfence use the most secure method to get visitor IP addresses. Prevents spoofing and works with most sites. (Recommended)”

    Our host is SiteGround and we’re using Cloudflare.

    Questions:

    (1) What caused Wordfence to block our Name Server IP?

    (2) How can we clear the Name Server IP entry shown in our Widget?

    (3) Should we Whitelist both our Name Server IPs and Site IPs?

    (4) What can we do to prevent the above from happening again?

    (Note: We have switched our Firewall from “Learning Mode” to “Enabled and Protecting.” Also, we have switched our IP detection option from “Let Wordfence use the most secure method …” to “Use the Cloudflare “CF-Connecting-IP” HTTP header to get a visitor IP. Only use if you’re using Cloudflare.”)

    Help appreciated!

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Support wfpeter

    (@wfpeter)

    2 years, 7 months ago

    Hi @jetxpert, thanks for reaching out to us.

    Did you change to the “CF-Connecting-IP HTTP Header” value in response to seeing the top 5 IPs blocked or when originally configuring the site? The issue you’re seeing does certainly seem like the IP for visitors was detecting as the nameserver for a period of time so multiple blocks for multiple users were registering as the same IP, giving a high hit rate for the block.

    If you have always been running the Cloudflare IP detection, let me know. Also, could you please confirm whether your IP shown in Wordfence > All Options > General Wordfence Options > How does Wordfence get IPs currently matches your public IP as shown on https://www.whatsmyip.com.

    Thanks,

    Peter.

    Thread Starter jetxpert

    (@jetxpert)

    2 years, 7 months ago

    Hi @wfpeter,

    We changed to “CF-Connecting-IP HTTP Header” AFTER we noticed our Name Server IP was logged. Prior to that, we were in learning mode.

    The good news is that we haven’t experienced any noticeable lockouts.

    And yes, “How does Wordfence get IPs” does display our public IP properly (always did).

    So, can you kindly help us with the following:

    (1) How do we clear or reset the Widget (plugin’s) IP table?
    (2) Do you recommend we Whitelist both our Name Server and Site IPs? (provided by our host)

    We can always delete, clean all traces of Wordfence and reinstall it, but we’re trying to avoid that.

    Thank you!

    Thread Starter jetxpert

    (@jetxpert)

    2 years, 7 months ago

    Update:

    Upon further analysis, we have concluded the issue reported above occurred as a result of placing Wordfence in “Learning Mode” when we first installed the plugin.

    As a preventative, we have Whitelisted both our Name Server and Site IPs.

    If you end up reading this update, it would still be great if you can tell us how to clear or reset the Widget IP table.

    Closing this issue as “Resolved.”

    Thank you!

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Name Server IP Blocked | Help Appreciated’ is closed to new replies.