starsknight
Forum Replies Created
-
@sdagency – Oh, sorry, good point. I’d said in an earlier post I planned to update the A record, but didn’t specify that in the resolution post.
In our case, all that was needed was going to DNS settings and updating the A record. The only reason we had problems at all was bad timing: we were transitioning management of the site when the server change was announced, which resulted in no one having all relavant info at the right time. So no one realized there was a problem until the IP identification went haywire. 🙂
Ours was an easy fix. For some other people with this issue, you included, it sounds like it will be more complicated. Best of luck!
OP here – Just a followup to say IP identification is working fine now.
Thanks to everyone who helped to resolve this/provide additional info, and I wish anyone with continuing issues the best of luck in getting them resolved!
Hey @hristo-sg
To be clear, no one is having trouble viewing/navigating our website. The only thing WF is blocking is access to the administrative login page, and since they provide an alternative method for a legit admin to log in, the only problem in practical terms is that this costs us a little extra time.
I want IP detection working for a variety of reasons, but this “the entire traffic is blocked shutting the site down practically” idea is not in fact what’s happening, and overstates the severity of the problem by a couple degrees of magnitude.
I’m stating this here so if someone with a similar problem encounters this thread, they don’t freak out and assume their site is inaccessible. 😉
Thanks, all, for the info. This is very helpful.
@hristo-sg, we’re switching over management of the site, so I didn’t receive that email, thus hadn’t changed the A record. Now that I know, I’ll update the DNS settings and hope that fixes the issue. Will reply back here if there are any further problems.
As for the 25,000 administrative login attempts in a single day, though, that still looks like a brute-force access attack to me, albeit an unsophisticated one. We haven’t seen anywhere near that volume before or since, despite IP identification still being an issue. So I see no reason to think that was a false positive, despite the fact that there were likely a number of different IPs involved.
Yes, my host is SiteGround.
The cessation in blocked login attempts yesterday turned out to be brief. Last night, the login attempts have continued at a rate of about one every 30 minutes.
Still registering the SiteGround IP for every access, and nothing else.