wordfence logged a login from far away ip-adress

  • Resolved celli030

    (@celli030)


    10 years, 2 months ago

    Hi there,

    today I checked the live traffic and found the tab “logins and logouts”. What I saw, is still shocking for me – someone from the US logged into my account without even any failed login attempts before. For explanation: I’m located in Germany, don’t use any proxy servers and use a Mac. Also I have a very strong password with special characters, numbers and capitalLetters.

    Can anyone explain this? How can someone log into my account with my password without even guessing? Btw, my blog is just a few weeks old, with a few plugins, nothing special.

    Are there any other explanations for that? Like Wordfence got confused with IP-Ranges or something?

    Here is the IP-adress which is in another country from where I’m located.

    United States Columbus, United States logged out as "*username*"
IP: 11.17.227.44
1 day 16 hours ago
United States Columbus, United States logged in successfully as "*username*"
IP: 11.17.227.44
1 day 16 hours ago

    Any hints or explanation is helpful, THANKS!

    https://wordpress.org/plugins/wordfence/

Viewing 5 replies - 1 through 5 (of 5 total)
  • Clayton James

    (@claytonjames)

    10 years, 2 months ago

    It certainly does seem odd… Bearing in mind that ip addresses are fairly easily spoofed, (that still wouldn’t explain how they had your username or password) and just out of curiosity, have you checked into who that block of ip addresses appears to be assigned to?

    Thread Starter celli030

    (@celli030)

    10 years, 2 months ago

    yes I have, and I really don’t know what the DoD want from me. maybe because I talk also about guns on my blog.

    Another strange thing is: I always use a different url to the admin login (not the standard) – so I think I have done a lot in security but might not be enough for those people …

    Plugin Author Wordfence Security

    (@mmaunder)

    10 years, 2 months ago

    Hi,

    Wordfence does not allow anyone to log into your site. We only implement rules that would make your site more secure. I’d recommend changing your password immediately. Also please post a screenshot showing the login you’re talking about and I’ll investigate.

    Regards,

    Mark.

    Thread Starter celli030

    (@celli030)

    10 years, 2 months ago

    Hi Mark,

    Thanks for your help! Meanwhile I figured out how and why this happened. The IP adress knew my password because it was me 😀

    I noticed another login from another strange ip range (this time korea) while I was surfing the web. So I investigated and found out that my mobile had an ip range from Korea.

    Problem solved, everything is ok! My mobile provider apparently uses weird ip ranges … I will contact them to clarify

    Thanks to wordfence for the information, always a great tool!

    Cheers

    Plugin Author Wordfence Security

    (@mmaunder)

    10 years, 2 months ago

    😀 Thanks for the update!! Glad to hear you figured it out. I get quite a few reports like this and I think many people make the same mistake.

    Regards,

    Mark.

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘wordfence logged a login from far away ip-adress’ is closed to new replies.