Know more about intruder’s IP
Getting extra information about particular IP address from registry to find out country, abuse email and other details about intruder
To enable retrieving, check option: Drill down IP.
To view the information click on a particular IP address on the Activity tab.
To get extra information like country, company, network info and abuse contact WP Cerber uses requests to a limited set of external WHOIS servers which are maintained by appropriate Registry. All Registry are accredited by ICANN, so there are no reasons for security concerns. The retrieved information is not storing in the database but is caching for 24 hours to avoid excessive requests and get a faster response. While parsing of the response of the WHOIS server WP Cerber is trying to find out the country and abuse email and make it clickable. That allows you to send abuse report quickly if you want.
List of all Registries and WHOIS servers for IPv4
Note: On slow hosting, especially shared hosting, requests may take a while.
On the Activity tab you see the message: WHOIS: User has blocked requests through HTTP.
That means that outgoing HTTP requests are blocked by using WP_HTTP_BLOCK_EXTERNAL directive in the wp-config.php file. To get things work you need to add next line to the wp-config.php file:
define('WP_ACCESSIBLE_HOSTS', 'rest.db.ripe.net' );
On the Activity tab you see the message: WHOIS: Connection timed out (whois.iana.org).
That means that outgoing WHOIS requests was blocked by your hosting provider or some security module on your server (e.g. firewall). The WHOIS protocol is a TCP-based protocol designed to work on the port 43. So, make sure that port 43 is reachable from your web server using TCP protocol and Apache process is allowed to establish outgoing connection to the TCP 43 port.
Have any questions?
If you have a question regarding WordPress security or WP Cerber, leave them in the comment section below or get them answered here: G2.COM/WPCerber.