Someone trying to hack my site with a Cloudflare IP?

markberger6 · March 14, 2021, 12:01am

Hi all,

first time posting, hello

The reason for my post is I starting getting alerts from Wordpress lately that multiple IPs are trying to hack my site. I have a plugin installed called “Limit Login Attempts,” it blocks access when someone is trying to get into my site with multiple failed attempts. One of the IPs I am seeing in the alerts is 162.158.30.53 When I look into this IP using geo locate tools it tells me it’s a CloudFlare IP out of San Francisco.

This is one IP that constantly is trying to login to my wordpress with “admin.” I am using a cloud flare SSL certificate on my site. I don’t believe Cloudflare would be doing this nor does it have any connection with the SSL cert. I think someone is trying to get into my site (likely just a bot or script kiddy etc ) and using Cloud Flare as a disguise / Proxy or etc. Am I right ? Should I just ban this IP?

markberger6 · March 14, 2021, 12:03am

Also I see 162.158.30.23 as well, when I check I see the whole /24 block (162.158.30.0 - . 255) looks like it is all CloudFlare.

markberger6 · March 14, 2021, 12:13am

Also seeing 162.158.158.196 , Also a CloudFlare IP , but this one in London.
Google search - first result shows a website that this IP has been reported for trying to brute force websites 4 times since Dec 2020 . This is exactly what I’m seeing for a while now - someone trying to brute force me from this IP

sdayman · March 14, 2021, 7:09am

Actually, you are the one using Cloudflare as a proxy. That’s what it says in your DNS settings page.

And your server is not properly configured for Cloudflare.

markberger6 · March 14, 2021, 1:13pm

After looking at the link you posted I think what you’re saying is the IP I’m seeing is Cloud Flare because traffic is being filtered through ClouD flare, but the IP is not actually Cloud Flare. I should go through the article you’ve posted to set it up properly so I would see the actual IPs trying to brute force me … what I’m seeing is not the original IP

Is that correct?

markberger6 · March 14, 2021, 1:19pm

Sorry - one more q. I read the article. I am with Go Daddy and I have wordpress sites on Cpanel. I don’t think I can add this code to my “web server,” I just have shared hosting. Any thoughts? Should I stop using Cloud Flare ?

system · March 17, 2021, 1:20pm

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.