Users with different IPs
-
Hello people,
In the “User Login” screen of the AIOWPSec plugin, both in the “Logs of failed login” tab and in the “Account activity logs” tab, I noticed that for each user several different IPs are registered.
Of course, a user can change devices, but it is not natural for them to change so much, because in the records they show that on the same day, the same user logged in to his account or failed to log in with multiple IPs (something like 10 different IPs, for example). It is not natural for a user to change devices so much.In the case of “Login Failure Logs”, we can conclude that it could be a hacker who has discovered someone’s username and is trying to login using multiple IPs. I receive emails with notification of blocking the site, where sometimes it shows me that the same user tried to log in several times but failed, and the IPs shown are different, so I believe it may be hackers.
But for the case of “Account Activity Logs”, this tab shows the users who have logged into your accounts, so it means that they are the real users (not hackers). And this tab also shows that the user entered his account with several IPs (including several on the same day).I also realized that even the comment logs, the same user as comments several times, are registered different IPs. However, in this case I realized that between several comments in about 4 weeks, it shows the same IP, and then changes to another IP and thus always records that same IP for about 4 weeks and then changes again to another IP and continues so for about 4 weeks and changes to another IP, and so on.
Can you explain to me why these IP variations for the same user?
I appreciate the help.
-
I did a test to verify the IPs of a single user who has been changing for months until today, and all IPs showed a single location and is correct. This user really lives in Brazil, in the city of Rio de Janeiro:
https://whatismyipaddress.com/ip/189.122.85.54
https://whatismyipaddress.com/ip/189.122.243.214
https://whatismyipaddress.com/ip/189.122.101.62
https://whatismyipaddress.com/ip/189.122.204.148
https://whatismyipaddress.com/ip/189.122.230.183
https://whatismyipaddress.com/ip/189.122.113.45We can then conclude that it is not a hacker accessing that user’s account at different IPs, because if it were then it would show different addresses for each IP.
However, it is strange to see users’ IPs change over time.
Why does this happen?I saw the support topic that you reported and it says that maybe Cloudflare is causing this. My website uses Cloudflare. Do you think that could be it? Does Cloudflare mask the user’s real IP with their IPs?
I checked the list of Cloudflare IPs, but none of them are the same as the IPs that appear on users of my site.
But is the Cloudflare IP list just that? It seems so little.Another question …
I am using my website within a WP multisite network, and I have a subsite (ex.: sub.mysite.com.br). I noticed that on my main site, in the “Connected Users” tab, it shows that I (administrator) is logged: https://prnt.sc/qze0y0
But on my subsite, it does not show that I (administrator) is logged: https://prnt.sc/qze1flHi,
Did you go to WP Security -> Settings -> Advanced Settings and tried different options from the drop down menu. Let me know if this helps in any way.
I am using my website within a WP multisite network, and I have a subsite (ex.: sub.mysite.com.br). I noticed that on my main site, in the “Connected Users” tab, it shows that I (administrator) is logged: https://prnt.sc/qze0y0
But on my subsite, it does not show that I (administrator) is loggedAre you saying that the admin user logged into the admin site shows a different ID in the sub-site? Did you log into the sub-site as a user or an administrator?
Kind regards
OK @wpsolutions, I will be waiting for the new version. Thanks!
- You must be logged in to reply to this topic.
