Attackers are using fake Cloudflare IPs?


#1

Hello
Before using the Cloudflare I have banned some attacker IPs like
162.158.92.35
But as it seems it belongs to the Cloudflare and the same time when we Goggle it, it shows attack reports from that some IPs that belong to the Cloudflare.
The reports are wrong?
Today I am using the Cloudflare but the guard of my wordpress site reports some suspicious activities from some IPs and I checked them they were at the list of Cloudflare IPs.

What should I do?
Attackers are using fake Cloudflare IPs?
If it’s impossible u mean I do not accept the report of my Wordpress guard plugin and do not be worry?

Thanks


#2

Read the reports carefully. I’ve seen this IP a few days ago here. The report linked in that post was quite old and the IP wa last seen in 2015 or 16. CloudFlare does not provide outbound connections. It’s possible that the network was re-assigned and formerly owned by an ISP or hosting provider.


#3

Are you sure you’re getting the ‘real’ client IPs and not those of the Cloudflare proxy? The real client IP is held in the header ‘CF-Connecting-IP’.

I’m not a Wordpress user but Google threw up this:

https://www.itsupportguides.com/knowledge-base/wordpress/wordpress-how-to-get-visitor-ip-address-over-cloudflare/


#4

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.