Spam from IP address in good cache (Plugin: Stop Spammers Security | Block Spam Users, Comments, Forms)

  • Resolved striio

    (@striio)


    Hi, I am looking for some help understanding an IP address situation, please. Firstly, the IP address displayed as ‘Your IP address’ on the Stop Spammers summary page is not the IP address of my device I am accessing the site on; it is very similar to the shared IP address of my site’s web hosting service (only the last digit is different). There is a message noting “This address is invalid for testing for the following reason: IP same /24 subnet as server…”.

    Secondly, in the last few days I noticed an increase in successful spam user registrations and spam emails making it through my website’s contact form, all coming from the same IP address, which is the same one mentioned above. The Stop Spammers log report notes the IP address as being in the Good Cache.

    Is something amiss here? Normally, I would just block the offending IP address, but the fact that it matches the one listed by Stop Spammers as ‘my IP address’ (but isn’t actually my device IP address) has confused me and I wonder if blocking it would cause complications?

    The plugin is v.2021-20 on WordPress 5.8.3.

    • This topic was modified 7 months, 1 week ago by striio.
  • Plugin Author Bryan Hadaway

    (@bhadaway)

    Yes, your server isn’t recording IP addresses correctly, so we need to figure out how to restore them.

    It sounds like this is a recent change, so what changed? A new security tool, DNS changes, a migration to a new host, or did you just add Cloudflare?

    Cloudflare is the most common reason, which means you now need to restore visitor IP addresses:

    https://support.cloudflare.com/hc/en-us/sections/200805497-Restoring-Visitor-IPs

    Thread Starter striio

    (@striio)

    Hi, sorry for the delay replying.

    Yes, I only noticed the increased spam problem within the last couple of weeks, although until then I hadn’t paid much attention to what IP address was listed in Stop Spammers. I don’t use Cloudflare and have not migrated web host or, as far as I know, had DNS changes. I did add a two-factor authentication plugin for use with account login within the last few months (‘WP 2FA’) so maybe that is the difference?

    Plugin Author Bryan Hadaway

    (@bhadaway)

    There is a setting that needs to be adjusted for 2FA in any case:

    https://wordpress.org/plugins/stop-spammer-registrations-plugin/#why%20is%202fa%20failing%3F

    But, I’m not sure if it’s related to or will help this issue in any way.

    If you’re not aware of anything that would prohibit IP addresses from being correctly recorded, it’s possible that your host implemented something automatically on the server without your knowledge. You may need to check with them.

    Thread Starter striio

    (@striio)

    Hi, just to follow up on this – I contacted my web host and they have recently installed an Nginx reverse proxy in front of the webserver that must be causing the issue as all traffic to my site is seen as coming from the reverse proxy IP address.

    I can pick up again with the web host but thought I’d ask if you are aware of anything that can help with this on the Stop Spammers / WordPress side of things?

    Thanks.

    Plugin Author Bryan Hadaway

    (@bhadaway)

    Yes, you’ve correctly narrowed down the issue.

    Some possible resources:

    https://www.google.com/search?q=nginx+reverse+proxy+restore+ips

    But, most likely, you’ll need to have your host assist with this.

    Thread Starter striio

    (@striio)

    Thanks.

    I found some code to add to the WordPress configuration file that seems to allow the site to identify the real visitor IPs despite the reverse proxy. Hopefully, Stop Spammers can now see actual IP addresses!

    This page helped me: https://webhostinghero.org/obtain-correct-reverse-proxy-ip-address-wordpress/
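
An added example, not part of the original post and not the code from the linked page: one way to restore visitor IPs in `wp-config.php` so that the forwarded header is honoured only when the connection really comes from the reverse proxy. The proxy address `203.0.113.10`, the function name `example_restore_client_ip`, and the assumption that the host's Nginx sets `X-Forwarded-For` with `$proxy_add_x_forwarded_for` are all hypothetical.

```php
<?php // Omit this opening tag when pasting into an existing wp-config.php.
// ASSUMPTION: placeholder address of the host's Nginx reverse proxy.
$trusted_proxies = array( '203.0.113.10' );

/**
 * Return the visitor IP for a request described by a $_SERVER-style array.
 * X-Forwarded-For is read only when REMOTE_ADDR is a trusted proxy.
 */
function example_restore_client_ip( array $server, array $trusted_proxies ) {
    $remote = isset( $server['REMOTE_ADDR'] ) ? $server['REMOTE_ADDR'] : '';

    // Request did not arrive via the proxy: the header is client-supplied, ignore it.
    if ( ! in_array( $remote, $trusted_proxies, true ) ) {
        return $remote;
    }
    if ( empty( $server['HTTP_X_FORWARDED_FOR'] ) ) {
        return $remote;
    }

    // Walk right to left: the rightmost entry was appended by the trusted proxy,
    // anything further left may have been typed in by the client.
    $hops = array_reverse( array_map( 'trim', explode( ',', $server['HTTP_X_FORWARDED_FOR'] ) ) );
    foreach ( $hops as $hop ) {
        if ( false === filter_var( $hop, FILTER_VALIDATE_IP ) ) {
            return $remote; // Malformed header: keep the proxy address.
        }
        if ( ! in_array( $hop, $trusted_proxies, true ) ) {
            return $hop; // First address not belonging to our own proxies.
        }
    }
    return $remote;
}

if ( PHP_SAPI === 'cli' ) {
    // Constructed samples: a forged header sent directly, then a request via the proxy.
    $direct  = array( 'REMOTE_ADDR' => '198.51.100.7', 'HTTP_X_FORWARDED_FOR' => '192.0.2.1' );
    $proxied = array( 'REMOTE_ADDR' => '203.0.113.10', 'HTTP_X_FORWARDED_FOR' => '192.0.2.1, 198.51.100.7' );
    var_dump( example_restore_client_ip( $direct, $trusted_proxies ) );
    var_dump( example_restore_client_ip( $proxied, $trusted_proxies ) );
} else {
    // Overwrite REMOTE_ADDR so WordPress and its plugins see the restored address.
    $_SERVER['REMOTE_ADDR'] = example_restore_client_ip( $_SERVER, $trusted_proxies );
}
```

Without the trusted-proxy check, any client could send its own `X-Forwarded-For` value and appear to come from an address of its choosing.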

    Plugin Author Bryan Hadaway

    (@bhadaway)

    You’re welcome. Glad you’re back on track. 🙂

  • The topic ‘Spam from IP address in good cache’ is closed to new replies.