Your [Internal Server IP] has been blacklisted!

  • Resolved -21grams

    (@21grams)


    9 years, 7 months ago

    Please bear with me, this is going to be long.

    First of all, I’m not even sure if the problem I’m up against (the entire www has been blocked from accessing my blog) is WP Simple Firewall’s fault.
    I’m still trying to find the culprit here.

    OK, I’ve got 3 security-related plugins installed.
    1. WP Security Login Notification: Simply sends notifications whenever a user logs in or fails to connect.
    It’s harmless and in no way does it conflict with other plugins, I’m positive.

    2. WP Simple Firewall obviously.
    and
    3. IP Blacklist Cloud.

    Now last night, I logged in to my blog and immediately received the standard “A user has logged in, etc” email.
    What I didn’t notice at the time -and this is vital– is that the *system* didn’t record my real IP [2.xxx.xxx.xxx]
    I was identified as “192.168.1.87” which as it turned out is the host’s server internal IP.
    Every other detail was correct (User Name, email Address, Timestamp, User Agent, http Referrer).

    A few hours later, a bot attempted to log in (typical brute-force attack).
    Its IP was ALSO identified as “192.168.1.87” and as a consequence was banned!
    And with it, the entire world wide web!
    It appears that everyone (admin, users, plain visitors) is falsely recognised with the same IP regardless of their country.

    Host’s customer care told me to whitelist the said IP.
    The problem is that I don’t see any text file (containing IPs) anywhere in the …/plugins/wp-simple-firewall folder.
    I did locate the .htaccess file (in a different path) though and added an “allow from 192.168.1.87” line thinking it would circumvent the block.
    It didn’t.

    This is extremely frustrating. I’m retracing my steps trying to narrow down the culprits.
    The last plugin I updated was (and I say this because it involves log-in forms etc) OpenID.
    Judging by the last modification date (1? hour before the brute force login attempt), maybe it has something to do with it.

    As a last resort, I’m willing to uninstall all 3 security-related plugins. Provided it doesn’t ruin anything of course.
    Should I just go ahead and DELETE the respective folders?
    [Again, I can only access the site only through cPanel and FTP]

    Thank you.

Viewing 5 replies - 1 through 5 (of 5 total)
  • Plugin Author Paul

    (@paultgoodchild)

    The Simple Firewall has no automatic black list system and will not permanently lock you out after triggering a firewall rule.

    The culprit isn’t our firewall in this case.

    My guess is You can solve your problem by renaming the black list plugin folder.

    Thread Starter -21grams

    (@21grams)

    Thanks Paul, it was IP Blacklist Cloud after all.
    After following the “I’m locked out of my own site!” guide, I realised it couldn’t be WP Simple Firewall.
    I deleted the “ip-blacklist-cloud” folder instead and everything now is OK!

    It seems I went to all this trouble for nothing – Sorry for wasting your time :\
    You can mark this as *resolved* now ??

    Plugin Author Paul

    (@paultgoodchild)

    no problem at all… just glad you got it sorted, and thanks for reporting back! ??

    May I ask, if you like the plugin, could you leave a review for us, please? We’re nearly at 100… just 2 more left! ??

    Cheers!

    Thread Starter -21grams

    (@21grams)

    Will do.

    There’s one thing that still worries me though…
    It seems I’m stuck (?) with 192.168.1.87 no matter what I do.
    I logged out and reconnected to no avail (cleared cookies/cache and all)
    Rebooting the modem/router (I have a dynamic IP connection) didn’t solve the *problem* either.
    Why is that?
    Have a look at this screenshot and tell me what you think.

    Plugin Author Paul

    (@paultgoodchild)

    That address is not your address, it’s probably the server’s own local ip

    It looks like your server hosting isn’t populating your server/request variables properly and may be running a old version of PHP. This plugin uses an extensive array of options to learn the connecting IP address and if out of all of them we can’t find it, you may need to discuss this with your host.

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘Your [Internal Server IP] has been blacklisted!’ is closed to new replies.