Support » Plugin: All In One WP Security & Firewall » Users with different IPs

  • Hello people,

    In the “User Login” screen of the AIOWPSec plugin, both in the “Logs of failed login” tab and in the “Account activity logs” tab, I noticed that for each user several different IPs are registered.
    Of course, a user can change devices, but it is not natural for them to change so much, because the records show that on the same day, the same user logged in to his account or failed to log in with multiple IPs (something like 10 different IPs, for example). It is not natural for a user to change devices so much.

    In the case of “Login Failure Logs”, we can conclude that it could be a hacker who has discovered someone’s username and is trying to log in using multiple IPs. I receive emails with notification of blocking the site, where sometimes it shows me that the same user tried to log in several times but failed, and the IPs shown are different, so I believe it may be hackers.
    But for the case of “Account Activity Logs”, this tab shows the users who have logged into their accounts, so it means that they are the real users (not hackers). And this tab also shows that the user entered his account with several IPs (including several on the same day).

    I also noticed that even in the comment logs, when the same user comments several times, different IPs are registered. However, in this case I noticed that across several comments over about 4 weeks it shows the same IP, then changes to another IP and records that same IP for about 4 weeks, then changes again to another IP for about 4 weeks, and so on.

    Can you explain to me why there are these IP variations for the same user?

    I appreciate the help.

Viewing 13 replies - 1 through 13 (of 13 total)
  • Plugin Contributor mbrsolution

    (@mbrsolution)

    Hi, thank you for reaching out to us. Please check the following support thread. Let me know if the issues are the same or similar.

    Thank you

    Rodrigo

    (@vejapixel)

    I did a test to verify the IPs of a single user, which have been changing for months until today, and all IPs showed a single location, which is correct. This user really lives in Brazil, in the city of Rio de Janeiro:
    https://whatismyipaddress.com/ip/189.122.85.54
    https://whatismyipaddress.com/ip/189.122.243.214
    https://whatismyipaddress.com/ip/189.122.101.62
    https://whatismyipaddress.com/ip/189.122.204.148
    https://whatismyipaddress.com/ip/189.122.230.183
    https://whatismyipaddress.com/ip/189.122.113.45

    We can then conclude that it is not a hacker accessing that user’s account at different IPs, because if it were then it would show different addresses for each IP.
    However, it is strange to see users’ IPs change over time.
    Why does this happen?

    I saw the support topic that you reported and it says that maybe Cloudflare is causing this. My website uses Cloudflare. Do you think that could be it? Does Cloudflare mask the user’s real IP with their IPs?
    I checked the list of Cloudflare IPs, but none of them are the same as the IPs that appear on users of my site.
    But is the Cloudflare IP list just that? It seems so little.

    Another question …
    I am using my website within a WP multisite network, and I have a subsite (ex.: sub.mysite.com.br). I noticed that on my main site, in the “Connected Users” tab, it shows that I (administrator) am logged in: https://prnt.sc/qze0y0
    But on my subsite, it does not show that I (administrator) am logged in: https://prnt.sc/qze1fl
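Added example (not part of the original thread and not the plugin's code): one way to check the observation above across a whole login log, by grouping each user's IPs by network prefix. The /16 and /48 bucket sizes, the user names and the sample rows are assumptions made for illustration; an ASN lookup would be a more precise same-provider check.

```python
import ipaddress
from collections import defaultdict

# Prefix length used to bucket addresses, per IP version (assumed heuristic).
PREFIX = {4: 16, 6: 48}

# Constructed sample rows (user, login IP). user_a carries the six addresses
# quoted in the post above; user_b uses documentation ranges.
SAMPLE_LOGINS = [
    ("user_a", "189.122.85.54"), ("user_a", "189.122.243.214"),
    ("user_a", "189.122.101.62"), ("user_a", "189.122.204.148"),
    ("user_a", "189.122.230.183"), ("user_a", "189.122.113.45"),
    ("user_b", "192.0.2.10"), ("user_b", "198.51.100.20"),
    ("user_b", "203.0.113.30"), ("user_b", "not-an-ip"),
]


def summarize(rows, max_networks=1):
    """Group each user's login IPs by network and label the spread."""
    seen = defaultdict(lambda: defaultdict(set))
    for user, raw in rows:
        try:
            addr = ipaddress.ip_address(raw.strip())
        except ValueError:
            continue  # skip malformed log entries
        net = ipaddress.ip_network(f"{addr}/{PREFIX[addr.version]}", strict=False)
        seen[user][str(net)].add(str(addr))
    report = {}
    for user, nets in seen.items():
        report[user] = {
            "distinct_ips": sum(len(ips) for ips in nets.values()),
            "networks": sorted(nets),
            # Many IPs inside one network fits an ISP re-assigning addresses;
            # several unrelated networks is what deserves a closer look.
            "verdict": "single-network" if len(nets) <= max_networks else "multi-network",
        }
    return report


if __name__ == "__main__":
    for user, info in summarize(SAMPLE_LOGINS).items():
        print(user, info)
```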

    Plugin Contributor mbrsolution

    (@mbrsolution)

    Hi,

    Did you go to WP Security -> Settings -> Advanced Settings and try different options from the drop-down menu? Let me know if this helps in any way.

    I am using my website within a WP multisite network, and I have a subsite (ex.: sub.mysite.com.br). I noticed that on my main site, in the “Connected Users” tab, it shows that I (administrator) am logged in: https://prnt.sc/qze0y0
    But on my subsite, it does not show that I (administrator) am logged in

    Are you saying that the admin user logged into the admin site shows a different ID in the sub-site? Did you log into the sub-site as a user or an administrator?

    Kind regards

    Rodrigo

    (@vejapixel)

    Hello,

    I went to WP Security -> Settings -> Advanced Settings and selected each option, but it still shows different IPs for the same user.
    The WordPress folks told me that this is not a problem with the WP Security & Firewall plugin or with WordPress. These different IPs for my user simply come from that user's internet provider, which changes them periodically, and this is normal.

    Are you saying that the admin user logged into the admin site shows a different ID in the sub-site? Did you log into the sub-site as a user or an administrator?

    No, what I mean is that the administrator user only appears in the “Connected Users” tab on the main website. For the subsite, the administrator user does not appear.
    I took a print at the moment when only the administrator is logged in. See that here is showing the administrator user logged in, and this is the main site. And see that here is not showing that the administrator user is logged in.

    Plugin Contributor mbrsolution

    (@mbrsolution)

    Hi,

    I am not sure how you have set up your multi-site users. I did a Google search and found the following documentation wordpress-multisite-user-management. Let me know if this helps you in any way.

    Thank you

    Hi @mbrsolution,

    Thanks for the indication of the article, but it does not exclude my doubt.
    But I appreciate your attention.

    Plugin Contributor mbrsolution

    (@mbrsolution)

    Hi, I have submitted a message to the developers to investigate further your issue.

    Thank you

    OK thank you.

    Plugin Author wpsolutions

    (@wpsolutions)

    Hi @vejapixel
    I have a quick question:
    What setting did you choose on the following page?
    WP Security >> Advanced Settings >> IP Retrieval Settings

    Since you say that you are using cloudflare I recommend that you choose the following from the above setting dropdown box:
    HTTP_CF_CONNECTING_IP

    Let me know if this makes a difference.
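Added example (not the plugin's code and not from the original thread): how the choice between `REMOTE_ADDR` and `HTTP_CF_CONNECTING_IP` changes the address that ends up in a login log, and why a forwarded header should only be honoured when the connection really comes from the proxy. The function name, the sample requests and the proxy ranges are assumptions; the ranges are documentation networks standing in for the list Cloudflare publishes.

```python
import ipaddress

# Constructed stand-ins for the proxy ranges; in production load the list
# that Cloudflare publishes instead of these documentation networks.
TRUSTED_PROXY_NETS = [ipaddress.ip_network(n)
                      for n in ("198.51.100.0/24", "2001:db8::/32")]

# Constructed requests, keyed like CGI/WSGI server variables (PHP's $_SERVER).
VIA_PROXY = {"REMOTE_ADDR": "198.51.100.7",
             "HTTP_CF_CONNECTING_IP": "189.122.85.54"}
DIRECT = {"REMOTE_ADDR": "203.0.113.9",
          "HTTP_CF_CONNECTING_IP": "192.0.2.1"}  # header set by the client


def _parse(value):
    """Return an ip_address object, or None if value is not a valid IP."""
    try:
        return ipaddress.ip_address((value or "").strip())
    except ValueError:
        return None


def client_ip(environ, setting="REMOTE_ADDR"):
    """Resolve the address to log for a request.

    environ: server variables for the request.
    setting: the server variable selected as the IP source.
    """
    peer = _parse(environ.get("REMOTE_ADDR"))
    if peer is None:
        return None
    if setting == "REMOTE_ADDR":
        return str(peer)  # behind a proxy this is the proxy's own address
    # A forwarded header is only meaningful when the TCP peer is the proxy;
    # a client connecting directly can put any value in it.
    if not any(peer in net for net in TRUSTED_PROXY_NETS):
        return str(peer)
    forwarded = _parse(environ.get(setting))
    return str(forwarded) if forwarded else str(peer)


if __name__ == "__main__":
    print(client_ip(VIA_PROXY), client_ip(VIA_PROXY, "HTTP_CF_CONNECTING_IP"))
    print(client_ip(DIRECT, "HTTP_CF_CONNECTING_IP"))
```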

    Hello @wpsolutions

    REMOTE_ADDR (Default) was selected: https://prnt.sc/r7ncyj

    I selected the option you informed (HTTP_CF_CONNECTING_IP) and it remains the same, that is, on my main site, I (adm) appear as connected, but on my subsite I do not appear connected (https://prnt.sc/r7nhat).
    How can I not see any logged in user when I am logged in?

    Plugin Author wpsolutions

    (@wpsolutions)

    Hi @vejapixel
    I will do some more investigations and look at the code to check for a possible bug.

    Plugin Author wpsolutions

    (@wpsolutions)

    Hi @vejapixel
    It turns out that there was a bug which affected the display of logged in users for some cases in multi site scenarios.
    The next version of the plugin will contain a fix to address the issue you are seeing.

    OK @wpsolutions, I will be waiting for the new version. Thanks!
