My IP as an unknown location

Hi @magdigit,

Can you go into Wordfence -> All Options, then check Use PHP's built in REMOTE_ADDR?

For example: https://i.imgur.com/EORSMd2.png

The reason why you are seeing 0.0.0.0 is because a user is connecting through a proxy that is setting a custom X-Forwarded-For field. This may be the result of spoofing or misconfigured proxy settings by the user. In any case, switching how Wordfence obtains its IP addresses is the way to go!

Dave

Dear Dave @wfdave

Thank you for answering so quickly!
I did as you told me, and now I got this notion twice in ‘live traffic’:

An unknown location at IP 0.0.0.0 was redirected when visiting https://booxalive.nl/meta.php
27-1-2019 19:59:28 (7 minutes ago)
IP: 0.0.0.0 Hostname: 0.0.0.0
Browser: Chrome version 0.0 running on Win32
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/533.4 (KHTML, like Gecko) Chrome/5.0.375.99 Safari/533.4

And also this:

An unknown location at IP 0.0.0.0 left https://booxalive.nl/midi/ and visited https://booxalive.nl/?wordfence_lh=1&hid=993C6589D57284E87FF0F491843E7B19&r=0.7388596078602616
27-1-2019 19:42:42 (22 minutes ago)
IP: 0.0.0.0 Hostname: 0.0.0.0
Browser: Chrome version 71.0 running on Android
Mozilla/5.0 (Linux; Android 4.4.4; SM-T560) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.99 Safari/537.36

I feel that this would also be me, but I don’t use Chrome, Android nor Linux.
Do I have to fear I am hacked?

Magda

Hi again,

I suspect that your server may be behind a proxy or something.

Can you try this test?

1. Create a file called test.php and put it in your document root
2. Place <?php echo $_SERVER['REMOTE_ADDR']; ?> inside and save
3. Go to your website at https://booxalive.nl/test.php
4. Does it read 0.0.0.0 or an actual IP address?

Another thing I want you to try is going back to Wordfence -> All Options, select the different options (How Wordfence Obtains Its IP Addresses).

Does the ****** change when you cycle through the different options?

Detected IP(s): *******
Your IP with this setting: *****

Dave

Dear @wfdave,

People are watching the url’s I gave above. Can that do any harm? Maybe you can delete those?

Before doing the test (I have to figure out what is my document root and how to make a php, for I am not a specialist builder, just only an enthousiastic illustrator who wants to give the society free childrens stories), I emailed my server to ask him whether he changed something or that he recognizes this problem.

Thanx so much in advance,
Magda

Dear @wfdave,

My server told me that I can delete the Wordfence plugin alltogether, while his defense is top-notch. But what about e.g. all those Chinese who try again and again to get in with their author=1 etc? Is it my server who blocks them or your Wordfence plugin?

I am so sorry to bother you with these questions.
Best wishes,
Magda

Hi again,

Wordfence provides an option to block all access to /?author=N so I would recommend keeping the Wordfence plugin if you want to stay protected against that (or another plugin if you just want that feature).

I’m not sure if your server is blocking it or Wordfence is, but Wordfence does have the ability to block those requests. (You’ll want to confirm with your host)

Can you also ask your host why IP addresses are showing up as 0.0.0.0? It’s possible that the host is behind a proxy or something else.

Dave