Support » Plugin: Stop Spammers Security | Block Spam Users, Comments, Forms » Spam from IP address in good cache

  • Hi, I am looking for some help understanding an IP address situation, please. Firstly, the IP address displayed as ‘Your IP address’ on the Stop Spammers summary page is not the IP address of my device I am accessing the site on; it is very similar to the shared IP address of my site’s web hosting service (only the last digit is different). There is a message noting “This address is invalid for testing for the following reason: IP same /24 subnet as server…”.

    Secondly, in the last few days I noticed an increase in successful spam user registrations and spam emails making it through my website’s contact form, all coming from the same IP address, which is the same one mentioned above. The Stop Spammers log report notes the IP address as being in the Good Cache.

    Is something amiss here? Normally, I would just block the offending IP address, but the fact that it matches the one listed by Stop Spammers as ‘my IP address’ (but isn’t actually my device IP address) has confused me and I wonder if blocking it would cause complications?

    The plugin is v.2021-20 on WordPress 5.8.3.

    • This topic was modified 1 week, 1 day ago by striio.
    • This topic was modified 1 week, 1 day ago by striio.
Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Author Bryan Hadaway

    (@bhadaway)

    Yes, your server isn’t recording IP addresses correctly, so we need to figure out how to restore them.

    It sounds like this is a recent change, so what changed? New security tool, DNS changes, migrate to a new host, just add Cloudflare?

    Cloudflare is the most common reason, which means you now need to restore visitor IP addresses:

    https://support.cloudflare.com/hc/en-us/sections/200805497-Restoring-Visitor-IPs

    Thread Starter striio

    (@striio)

    Hi, sorry for the delay replying.

    Yes, I only noticed the increased spam problem within the last couple of weeks, although until then I hadn’t paid much attention to what IP address was listed in Stop Spammers. I don’t use Cloudflare and have not migrated web host or, as far as I know, had DNS changes. I did add a two-factor authentication plugin for use with account login within the last few months (‘WP 2FA’) so maybe that is the difference?

    Plugin Author Bryan Hadaway

    (@bhadaway)

    There is a setting that needs to be adjusted for 2FA in any case:

    https://wordpress.org/plugins/stop-spammer-registrations-plugin/#why%20is%202fa%20failing%3F

    But, I’m not sure if it’s related to or will help this issue in any way.

    If you’re not aware of anything that would prohibit IP addresses from being correctly recorded, it’s possible that your host implemented something automatically on the server without your knowledge. You may need to check with them.

Viewing 3 replies - 1 through 3 (of 3 total)
  • You must be logged in to reply to this topic.