APO Jetpack Bug

I am pretty happy with the speed performance of APO but am encountering a warning from Jetpack shown in the image. Why is this happening?

Is it your IP address shown there? Or the IP of your host? 1&1 IONOS Inc.?

Either way, that IP has been blocked by Jetpack brute force attack protection. The plugin got triggered by a traffic spike / pattern that looked like an attack. Another possibility is that you (or that IP address user) entered the wrong password too many times, and again Jetpack got nervous and blocked it.

If you know that’s your IP address, or it’s from your host, you can whitelist it in the Jetpack settings without logging in: https://jetpack.com/support/protect/

This issue started when I began using APO. The IP address is near my location. The strange thing is when I enter my email and press “Send email” the blocking page disappears and my normal WP login page appears?

That means you saw a cached version of one of the two pages. Most likely the block page was still in your browser cache while you weren’t actually blocked. Jetpack brute force only blocks the IP for a short time if the (alleged) attack stops, which allowed you to enter and see your (uncached) dashboard.

Now that you’re in, make sure the Jetpack security settings aren’t too tight, or it’ll start blocking again. You could also look in to stopping the cache from interacting with that block page, but for now just avoid triggering that brute force setting, or turn it off… Cloudflare should be able to manage it.

I don’t entirely agree with your answer. I cleared the browser cache to prevent any issues like this appearing. My password is stored by my browser so I have never made any repeated attempts and always logged in at the first attempt. I can log in seconds after the error page so I doubt it is Jetpack Brute force prevention. I have 8 websites on Cloudflare and only the 2 on APO display this issue. The issue is also intermittent, showing on different days.

That’s why I asked if it was even your IP address on the page. If it wasn’t your browser cache, it could be that Cloudflare cached that block notification page and served it to you from the edge cache at whichever location is closest to you. (It’s not a Cloudflare IP that was blocked though.)

APO caches content more aggressively than Cloudflare alone, which would explain why you don’t notice it on other sites. APO is also relatively new, so it’s very possible that there’s a conflict with Jetpack or some other element involved, or that APO created a traffic pattern that looked legitimately suspicious.

You should try to find more info on traffic from that IP if you have access to the logs. Search for the blocked IP and find out what was happening at the time that made Jetpack block it.

I thought about the issue and am able to reproduce it consistently now. My IP address is changed every couple of days by my internet service provider and it did occur to me the issue occurred on the day when I was asked for 2fA when logging into my CloudFlare account. I changed the IP address on my mobile by switching off wifi and simply using mobile data and I was confronted by the same Jetpack blocking page - view screenshot. The IP address is not mine at all. I am located in Australia and the IP shown by Jetpack is in Germany.

To add to this I just checked my emails and I have also received an email from CloudFlare stating that an unrecognised IP address is logging into my CloudFlare account when I did the test on my mobile. The IP address stated in the email is mine.

The IP in this new Jetpack block isn’t a known Cloudflare IP either. (List here)

I don’t know… I can’t think why you would end up getting served that page showing an IP that’s not yours or Cloudflare’s (and not even close geographically). It doesn’t make sense even with APO.

For the email: My IP changes every so often, probably as often as yours, and I’ve never been asked for 2FA with Cloudflare. Those unrecognized login emails are almost always a false alarm. It’s the change of device that confuses them, not so much the IP.

You might have to dig in to the logs to solve the Jetpack block page mystery. Search the server logs for the IPs that show up on the block pages and maybe that will help explain.

I had a chance to go through my logs today and the IP address mentioned is not present.

I also looked for the IP in the earlier screenshot and that is not present in my logs either.

If you were able to look back far enough in the logs to that date and you can’t find the IPs… that is very strange. I don’t know how that could happen. If it was a cache issue as I suspected, the IPs would still be found in your logs.

The only other idea I had was to check the firewall logs in your Cloudflare dashboard, but you can only see the last 72 hours of activity. Check for the IP there if it happens again. That could explain why it’s not in your logs (if Cloudflare stopped it first) but still doesn’t really explain everything else.

Does Jetpack have its own logs?

Hello

Thanks for the reply.

I had a look at the Firewall logs in Cloudflare and found nothing, I reproduced the issue 2 days ago so it should have shown something.

Jetpack does have it own logs which do show failed login attempts but nothing shows for 2 days ago.

Perhaps I should open a support ticket?

It’s hard to know who you would open a ticket with… is it a Jetpack or Cloudflare problem? I think if you can reproduce it yourself, you’d have a better chance of catching it in all the logs this time.

This topic was automatically closed 5 days after the last reply. New replies are no longer allowed.