Could you clarify this part:
I have this issue in Wp database, detecting Wrong super administrator IP.
Thanks.
Thread Starter
Irene
(@arlinaite)
Hi,
Thanks for your answer.
In the _registration_log table of my site database, when I create a new subfolder site, it registers the IP of the user, which is only me. Instead of showing my fixed IP, it shows different IPs all from AWS which is the network that uses Ezoic.
I checked the WordPress code and it uses REMOTE_ADDR to write to registration_log. See https://github.com/WordPress/WordPress/blob/master/wp-includes/ms-functions.php#L2046
Is NinjaFirewall running in “WordPress WAF” or “Full WAF” mode? You can see that from the “NinjaFirewall > Dashboard”.
Thread Starter
Irene
(@arlinaite)
“NinjaFirewall is running in Full WAF mode”
Thread Starter
Irene
(@arlinaite)
Thanks for your answer.
Today I had to disable ninja to access phpmyadmin because it was giving me an error. Should I whitelist my IP in .htninja?
I recommend to whitelist the PHPmyAdmin folder.
You can use the .htninja script:
<?php
/*
+===========================================================================================+
| NinjaFirewall optional configuration file |
| |
| See: https://blog.nintechnet.com/ninjafirewall-wp-edition-the-htninja-configuration-file/ |
+===========================================================================================+
*/
if (strpos($_SERVER['SCRIPT_FILENAME'], '/phpmyadmin/') !== FALSE) {
return 'ALLOW';
}
Replace phpmyadmin with the name of the folder where PHPmyAdmin is installed.
Thread Starter
Irene
(@arlinaite)
Thanks for your answer.
1)
I received the following ninja firewall mail:
[NinjaFirewall] Alert: File Guard detection
SERVER_NAME: mysite.com
USER IP: 170.150.32.6
Someone accessed a script that was modified or created less than 10 hour(s) ago:
public_html/wp-content/plugins/onesignal-free-web-push-notifications/sdk_files/OneSignalSDKUpdaterWorker.js.php
REQUEST_URI: /es/wp-content/plugins/onesignal-free-web-push-notifications/sdk_files/OneSignalSDKUpdaterWorker.js.php?appId=5924229a-e74b-402f-abc0-73df1e877578
What exactly does it mean? I scanned the site with ninja scanner but didn’t reported anything about onesignal
2)
Sorry to ask, but what exactly means?:
I checked the WordPress code and it uses REMOTE_ADDR to write to registration_log. See https://github.com/WordPress/WordPress/blob/master/wp-includes/ms-functions.php#L2046
Is NinjaFirewall running in “WordPress WAF” or “Full WAF” mode? You can see that from the “NinjaFirewall > Dashboard”.
Yes I use Full WAF
1. Did you update the “onesignal-free-web-push-notifications” plugin lately?
2. Can you confirm that you are using the .htninja to detect the correct IP? Can you show me the code you are using?
Thread Starter
Irene
(@arlinaite)
Thanks for your answer
1. Did you update the “onesignal-free-web-push-notifications” plugin lately?
The plugin is Version 2.2.1 and was updated 4 weecks ago.
2. Can you confirm that you are using the .htninja to detect the correct IP? Can you show me the code you are using?
// Reverse proxy:
if (! empty($_SERVER['HTTP_CF_CONNECTING_IP']) &&
filter_var($_SERVER['HTTP_CF_CONNECTING_IP'], FILTER_VALIDATE_IP) ) {
$_SERVER['REMOTE_ADDR'] = $_SERVER['HTTP_CF_CONNECTING_IP'];
}
I can see “Fixes error for missing OneSignalSDKWorker.js file” in the plugin’s changelog, so I’ll assume it is the reason why you receive the notification.
The code in the .htninja file is fine. When you check the firewall log, do you see the correct IP addresses?
Thread Starter
Irene
(@arlinaite)
The code in the .htninja file is fine. When you check the firewall log, do you see the correct IP addresses?
Yes in the firewall log IPs are fine.
Any thorts about this?
I brought this issue:
In the _registration_log table of my site database, when I create a new subfolder site, it registers the IP of the user, which is only me. Instead of showing my fixed IP, it shows different IPs all from AWS which is the network that uses Ezoic.
I can’t find a reason why the registration_log table logs the wrong IP address. The .htninja and firewall uses the right one.
Is there any third-party application (or a command line app/tool) handling the new site registration?
Thread Starter
Irene
(@arlinaite)
Is there any third-party application (or a command line app/tool) handling the new site registration?
No, it’s only me, from the network wordpress backend.
I find that the same issue is in the apache error log, it shows Ezoic IPs.
However the access log is showing the real user IPs.
Now I requested support from Cloudways. Several weeks ago they told me that they whitelisted Ezoic IPs.
I will come back with the feedback thanks for your patience.
-
This reply was modified 2 years, 11 months ago by
Irene.
