i was trying to block a specific IP that is sending me a spam links through my contact us page,
i've blocked that ip from .htaccess file but still the same IP send an emails with spam urls through the contact us page
my website is built on wordpress and i'm using firewall as well to block that IP but still getting emails
any advice?
i tried to block that IP by .htaccess file by using Deny from x.xx.xx.xx
and blocked from the hosting by using IP blocker
in addition the firewall plugin
but still the same ip can send or submit the contact form
i'm using a firewall as well to block that IP
If you use the Wordfence plugin, you can lock IP addresses "Wordfence->Firewall->Blocking->Block Type -> Create a block rule->IP".
I think that other plugins use similar settings.
Related
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 2 years ago.
Improve this question
Recently we found our websites created on our domain gets automatically copied or mirrored at a different unknown domain website. These unknown websites at unknown domain are updating automatically whenever we update our websites.
https://ourdomain.com mirrored at : https://findacrew.se/index.php/SOCRATES
https://ourdomain.com/printversion/ mirrored at: https://findacrew.se/printversion/
https://ourdomain.com/News mirrored at: https://findacrew.se/News
https://ourdomain.com/Web-mail/ mirrored at: https://findacrew.se/Web-mail
Whenever we create any website on our domain it automatically gets created on this unknown domain.
Our hosting service provider Hostgator says : The issue is that the other site may download your content and display it via CURL.
Please help us by guiding what should we do to break this connection between our domain and this unknown domain.
Question update: 1: We have been told by our hosting providers support team that: The domain findacrew.se is pointed to our domains dedicated IP address. For example, if someone type http://findacrew.se/, it redirect to our dedicated IP which is address of our website. Since our domain is hosted on a dedicated IP, the domain findacrew.se will load the content of our site. How to Block other website domain DNS from pointing to our domain's dedicated IP address?
Question update: 2: Further update: We found that the domain has been registered by Eurodns.So we have filed a Complaint against domain findacrew.se to Eurodns with following content:
To
EuroDNS S.A.
Dear Sir,
Greetings
We are the legal owner of domain ourdomain.com with dedicated I.P.... A domain registered at you has been pointed to our dedicated IP address which is unethical and illegal. For example, if someone type http://findacrew.se/, it redirect to our dedicated IP ourdomain.com with dedicated I.P. ....., which is address of our website. Since our domain ourdomain.com is hosted on a dedicated IP, the domain findacrew.se loads the content of our site. Therefore It is a kind request to please Block this domain domain DNS from pointing to our domain's dedicated IP address. For your help we would be highly obliged. Please consider this request on a priority basis because we are facing serious issues every day.
Question Update : 3
We have discovered that all these domains from a single entity are pointed towards our IP address:findacrew.at findacrew.be findacrew.ch findacrew.gr findacrew.nl findacrew.ro findacrew.ru findacrew.se findascrew.com
We have been told by our hosting providers support team that: The domain findacrew.se is pointed to our domains dedicated IP address.
The problem can be solved by properly configuring your web server in order to serve your website's pages only when it is accessed from its URL www.socratesjournal.com
What is going on?
The DNS record for the domain findacrew.se is misconfigured or outdated and it turns out it points to your server's dedicated IP address.
When someone browses to findacrew.se, her/his browser queries the DNS server in order to resolve the domain name.
The DNS server returns your IP address (at the time of writing 216.10.241.94).
Then the browser connect to that IP address.
What is important to note is how the connection is established: when the browser connects to the resolved IP address the domain name is sent to the server (in the Host entry of the request headers):
Host: findacrew.se
Your website ignores the Host header and serves your website's contents despite of its value.
You should configure your website to return a 400 error status code Bad request (or drop the connection or serve a blank page) if the Host header value doesn't match with your website domain name.
If you miss to do that then it's your fault.
All that's happening here is that someone had a domain that previously used the same IP address you're using now, and they haven't updated it since. There's nothing malicious going on here.
We found that the domain has been registered by Eurodns.So we have filed a Complaint against domain findacrew.se to Eurodns with following content
This is laughable... there's certainly nothing unethical or illegal going on here. Your jump to conclusions have lead you astray from the technical problem.
How to Block other website domain DNS from pointing to our domain's dedicated IP address?
You don't. You don't own their domain... they do. You have no control over someone else's domain. By the way, you also don't own your IP address.
So, what do you do? It's very simple. Configure your web server to redirect to your domain with a 301 status code, indicating a permanent redirect. If it gets a request for a domain not configured, it redirects to the same path at your actual domain.
As for specifically how to do that... you didn't bother telling us what web server you're using so you'll have to Google for it or post a new question.
Why do we complex the issues when the solution is easy?
This is my solution which I found online. It really works fast and solved my problem.
Insert this code in your .htacces
RewriteCond %{HTTP_HOST} !^www.domainname.com$
RewriteRule ^/?(.*) http://www.domainname.com/$1 [QSA,R=301,L]
I am working on a WordPress website and have the plugin WP Security installed. It tells me the current IP Address I am on when viewing the website. However the IP address it is producing isn't my correct IP address. I did the same thing on another WordPress website and it did produce the correct IP address.
The reason I'm trying to figure out the IP address is because someone entered their login credentials wrong 5 times. The website is set up so when that happens it locks that person out of website for an hour. Well when this happened it didn't just block their IP address, but blocked our IP address and the clients IP address. And the IP address it said it was blocking was neither of ours.
What could be the reasoning for this single website to be grabbing the incorrect IP address and believing it belongs to us and our client?
EDIT: after looking into it a little more the IP address that is showing up on this website is through Liquid Web, our hosting provider. So it is showing that IP address instead of our current/local IP address.
"All" traffic is routed to your webserver via another server (CDN, Firewall, Nginx etc). Following a failed login attempt the WP plugin is blacklisting this intermediate servers IP address locking everyone out.
Typically php scripts gets the visitors IP frome the REMOTE_ADDR environment variable: but depending on configuration with e.g. intermediate Nginx server REMOTE_ADDR may contain the nginx server IP; and the "real visitor" IP may be in HTTP_X_REAL_IP
You can use this script to: check which environment variable on your site contains the actual visitor IP.
It would be useful if you provided the link to the site from which you got the WP Security plugin.
Solution:
Ask your host provider to configure servers so REMOTE_ADDR on your web server will contain visitors IP; or
If you know which environment var is valid (above); then the security plugin may have a setting to configure accordingly; or
Report as a bug on plugins support forum.
Hello,
So i have a wordpress-based website and within it, the WHMCS 7.1.2 core installation.
The issue is that when a clients purchases a product within the WHMCS cart, the purchase is logged with Cloudflare server's ip instead of the client's real ip adress. I want it to show the real ip at least inside WHMCS.
Pretty much whenever anybody visits my website and its sub-domains, their real ip is masked and replaced with Cloudflare's.
I've found that it is possible to reverse the ip by using this php code:
<?php if (isset($_SERVER['HTTP_CF_CONNECTING_IP']))
$_SERVER['REMOTE_ADDR'] = $_SERVER['HTTP_CF_CONNECTING_IP'];
?>
But i don't know how to add it to WHMCS or if there's any other way to reverse the ip?
I would really appreciate if anybody could please guide me on how to do this.
Regards.
WHMCS has settings for such service, called Trusted Proxies, check documentation for Trusted Proxy Settings
Basically, from Setup > General Settings > Security Tab:
Set Proxy IP Header to X_FORWARDED_FOR
Add IP address to Trusted Proxies. This is the tricky part, since you need to add CloudFlare IPs
For the past 2 weeks I am getting problem with my website Contact Us form. My website is built in Joomla. Whenever I filled the form for testing, I got the mail to my Gmail account but not on my domain email ID's.
My joomla website is hosted on AWS and the email server is a dedicated server. My website is running pretty good.
My mail settings in joomla admin are:
Send mail: yes
Mailer: sendmail
Sendmail path: /usr/sbin/sendmail
What is wrong with my Contact Us form?
I think I know what the problem is (we experienced the same issue before with one of our clients). Your website's domain has an SPF entry that doesn't include the IP of your server. This means that when someone tries to fill in a "Contact Us" form and then send it, then it will possibly get caught by your domain's spam filter since the IP of your server is not allowed to send emails on behalf of your domain.
The solution to this problem is to add an SPF entry for your server's IP in your domain's DNS settings.
I create website using php. and then I want to block VPN IP ADDRESS or hide ip Program. in my login.
I see ebay.com website can block VPN IP ADDRESS or hide ip Program.
How do write script php for block VPN IP ADDRESS or hide ip Program.
It's simple to implement:
if (in_array($_SERVER['REMOTE_ADDR'], $blocked_ips)) die("Go away!");
... but it requires a list of IPs you'd like to block. IP hiding works by using a proxy. There is no way to detect if a user is hiding their IP besides checking if traffic is coming from a known IP hiding service's IP. Where you might find such a list, I don't know, but that's the only way to go about this.