Support

Admin Tools

#18451 Strange IP 172.16.0.xx Exception security

Posted in ‘Admin Tools for Joomla! 4 & 5’
This is a public ticket

Everybody will be able to see its contents. Do not include usernames, passwords or any other sensitive information.

Environment Information

Joomla! version
n/a
PHP version
n/a
Admin Tools version
n/a

Latest post by on Sunday, 02 February 2014 18:00 CST

Monday, 09 December 2013 04:35 CST

ZachCom
 Hi Nicholas,

Thank you first for all that tools we use now : Akeeba Backup Pro, Admin Tools Pro,...

We are a web agency, with a lot of website Joomla 2.5 with Admin tools pro
We've issue with Exception security on different website, we receive email with IP that seems to be private IP :
exemple
We would like to notify you that a security exception was detected on your site, XXXX, with the following details:

IP Address: 172.16.0.19 (IP Lookup: http://ip-lookup.net/index.php?ip=172.16.0.19)

Reason: UploadShield

If this kind of security exception repeats itself, please log in to your site's back-end and add this IP address to your Admin Tools's Web Application Firewall feature in order to completely block the misbehaving user.


also on our website.
Is it a false alert, or someone using our networt or client network to attempting an attack ?

Best regards
Zach
Edited by ZachCom on 2013-12-09 04:36 CST

Monday, 09 December 2013 06:17 CST

nicholas
Please contact your host. Their server is reporting its internal network IP address instead of the visitor address. This means the web server is misconfigured, e.g. there is a reverse proxy in front of the web server (NginX in reverse proxy mode, Varnish) or a CDN but it doesn't set the X-Forwarded-For HTTP header and it doesn't pass the real visitor's IP address to the web server's Apache environment. We cannot provide support for server misconfiguration except bringing this issue to your attention and ask you to work with the people who have set up the server (your host) to get it resolved.

Nicholas K. Dionysopoulos

Lead Developer and Director

πŸ‡¬πŸ‡·Greek: native πŸ‡¬πŸ‡§English: excellent πŸ‡«πŸ‡·French: basic β€’ πŸ• My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Tuesday, 10 December 2013 16:59 CST

ZachCom
Yes it seems that my host is with CDN

Does it protect me more ?
How can we know the origin IP adress instead of 172.16.0.XX ? Is it impossible with CDN or may i need to ask something from my host ?

Thanks

Wednesday, 11 December 2013 02:02 CST

nicholas
> Does it protect me more ?

The way it's set up? No. It's like asking everyone going through a building's door to sign in their name. If they all sign as "John Smith" you can never know which John Smith you want to kick out. You end up kicking out everyone from the building which kinda beats the purpose.

> How can we know the origin IP adress instead of 172.16.0.XX ? Is it impossible with CDN or may i need to ask something from my host ?

It is PERFECTLY possible. All they have to do is set up the X-Forwarded-For HTTP header as I wrote above. Please do contact your host with the text of my previous reply. If they don't know what to do, switch hosts.

Nicholas K. Dionysopoulos

Lead Developer and Director

πŸ‡¬πŸ‡·Greek: native πŸ‡¬πŸ‡§English: excellent πŸ‡«πŸ‡·French: basic β€’ πŸ• My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Thursday, 19 December 2013 10:22 CST

ZachCom
Hi Nicholas,

I've no answer for now from my host.
But this strange, in Piwik (analytics installed on same Host) i can see IP form visitors.
I have someone who submitted a contact form :
the email said "submited by 172.16.0.XX" but when i look in Piwik i can really see at this time which IP was connected to submit form.

is Piwik using something in code ?
Is it possible to do same ?

Thanks

Thursday, 19 December 2013 11:17 CST

nicholas
I might be repeating myself, but you do need to get the answer from your host. It's a simple question, not rocket science. If they can't reply such a simple question you might want to change hosts.

Nicholas K. Dionysopoulos

Lead Developer and Director

πŸ‡¬πŸ‡·Greek: native πŸ‡¬πŸ‡§English: excellent πŸ‡«πŸ‡·French: basic β€’ πŸ• My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Thursday, 02 January 2014 16:11 CST

ZachCom
Sorry Nicholas to bother you

But there something i've noticed today :

On my same hosting, i've a lot of websites (15) in Joomla 2.5 with admin tools, and 1 with Joomla 1.5 with admin tools. The issue with IP is only on Joomla 2.5 website.
I can see the reals IP on Joomla 1.5

An idea ?

Friday, 03 January 2014 00:55 CST

nicholas
I am quite sure it is not. First of all, I unrest and what the problem is. I have seen it again. Then again, the IP address reported to PHP is irrelevant to the software stack running on your site. It is between your server and PHP. Finally, our site was running on Joomla! 2.5 for over a year and my blog still is. I have over a million data points which tell me with 100% confidence that what you describe is not caused by Joomla! 2.5. If you want more, about half of our clients are running on Joomla! 2.5 and they don't have this issue.

Can you please contact your host as I told you?

Nicholas K. Dionysopoulos

Lead Developer and Director

πŸ‡¬πŸ‡·Greek: native πŸ‡¬πŸ‡§English: excellent πŸ‡«πŸ‡·French: basic β€’ πŸ• My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Sunday, 02 February 2014 18:00 CST

System Task
system
This ticket has been automatically closed. All tickets which have been inactive for a long time are automatically closed. If you believe that this ticket was closed in error, please contact us.
Edited by on 2014-02-02 18:00 CST

Support Information

Working hours: We are open Monday to Friday, 9am to 7pm Cyprus timezone (EET / EEST). Support is provided by the same developers writing the software, all of which live in Europe. You can still file tickets outside of our working hours, but we cannot respond to them until we're back at the office.

Support policy: We would like to kindly inform you that when using our support you have already agreed to the Support Policy which is part of our Terms of Service. Thank you for your understanding and for helping us help you!