Support » Plugin: Stop Spammers » spammer with ip of

Viewing 5 replies - 1 through 5 (of 5 total)
  • is “localhost” or the IP number that the machine uses to talk to itself. I would guess that someone is using the keyboard on your server or there is a proxy server running that is reporting that IP.

    It could also be a virus on your machine that is running a script to access your blog.


    thanks for the reply …. it’s not my machine as the site is on a remote server (rackspace managed server) …. i highly doubt its rackspace server either they have way too many sites at risk if that was the case

    i googled around some and are you 100% positive that a hacker in china can’t spoof that ip address?

    note this is a recent thing has not happened have been using your plugin successfully for months

    maybe this is what i need to do?
    It is called spoofing and a fairly common practice and easy to do with IP addresses. You’ll need to trace back his requests in the web server’s log to find his real IP address and ban it.

    there are a number of new accounts registered reporting as their ip and they basically do what the others do spam with links to whatever so the same exact type accounts i’ve been blocking just seems like lately they found a new trick

    Apache gets the IP address from the request. It can only be spoofed from the inside out. It has to be a bad plugin with a vulnerability or some kind of script that has been uploaded to the server.

    I think it might be time to backup your database, wipe wordpress and reinstall it. I think someone sneaked some kind of back door onto your site and this is the only way to fix it.

    Download my “Threat Scan” program and run it. See if it finds anything.


    thanks Keith for advice i will try running the threat scan you mentioned ….what im seeing in my raw logs are like 500 hits a day from requesting kind of normal things like images its almost all GET requests …but weird thing is its requesting them not like its a page load where all files would be close together in time requested

    i’ve also checked for any changed files and not seeing anything i didn’t know about there

    here is an example …… it also requests some theme files

    Line 229162: – – [25/Nov/2013:23:52:37 -0600] “GET /wp-content/uploads/2013/10/2t-shirt.jpg HTTP/1.1” 304 241 “-” “Mozilla/4.0 (compatible;)”
    Line 230450: – – [26/Nov/2013:00:00:28 -0600] “GET /wp-content/uploads/avatars/443/4bbdfgfge8651-bpthumb.jpg HTTP/1.1” 304 241 “-” “Mozilla/4.0 (compatible;)”

    You might try an htaccess file with a “deny” and see what happens. I am not an htaccess expert so you would have to google how to block a domain with htaccess. Be prepared to fix it quick if something goes screwy.

    It might be some plugin trying to get a file, it would be interesting to see what the log says after you deny access.


Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘spammer with ip of’ is closed to new replies.