Support » Plugin: Sucuri Security - Auditing, Malware Scanner and Security Hardening » Sucuri Alert shows incorrect IP address

  • Resolved wkeving

    (@wkeving)


    A colleague of mine is having a problem. We happen to both be on SiteGround hosting, and it appears we may even be on the same physical server. In comparing notes, we noticed that both he and I are receiving Sucuri alert notifications, based on having installed the plugin in our respective WordPress installs, that are showing the same IP address for the respective sites.

    For example, he got an alert about available updates for his client’s purelyworship.com website. The website’s IP address is 77.104.146.40. The Sucuri notice lists the site information as https://purelyworship.com with an IP address of 77.104.146.33.

    I received an alert for Core Integrity Checks for my wkevingilbert.me site. That website’s IP address is 77.104.146.38. The Sucuri notice lists the site information as https://wkevingilbert.me and the site IP address as 77.104.146.33.

    How/Why might that be happening? Two different accounts. Lots of different WordPress installs with the Sucuri plugin activated, but an unrelated IP address, unless it’s related by being on the same physical server, is being reported for all the sites as the site IP address? The IP address 77.104.146.33 does not correspond to any of our domains or accounts.

    https://wordpress.org/plugins/sucuri-scanner/

Viewing 1 replies (of 1 total)
  • Plugin Author yorman

    (@yorman)

    I can’t answer your question with accurate information because I don’t know how SiteGround’s servers are configured nor distributed. My guess is that SiteGround is using a load balancer that is constantly switching IP address:

    77.104.146.40 -> ip-77-104-146-40.siteground.com.
    77.104.146.33 -> ip-77-104-146-33.siteground.com.
    77.104.146.38 -> ip-77-104-146-38.siteground.com.
    77.104.146.33 -> ip-77-104-146-33.siteground.com.
    

    However, in this specific case the problem is not with the detection of the server IP but the visitor IP, the address shown in the email alert should be the address of the computer that triggered the alert, for example, your computer not the server.

    This is a common problem when the website is behind a firewall, because the IP address is usually moved to a different HTTP header and the value for the global server variable “REMOTE_ADDR” is replaced by the IP of the server (or in this case the load balancer). To fix this the plugin offers an option in the general settings page named “IP Address Discoverer” which in conjunction with the “Reverse Proxy and IP Address” option fixes the detection of the visitor IP.

    Go to the plugin’ settings page, scroll to the “IP Address Discoverer” and locate the second blue box, the last line in the box named “IP Address” should contain your current IP address [1] if you see a different address then change the HTTP header from the dropdown and try again with the other available options until you find one that matches the real IP.

    Let me know if it works.

    [1] https://httpbin.org/ip

Viewing 1 replies (of 1 total)
  • The topic ‘Sucuri Alert shows incorrect IP address’ is closed to new replies.