Security Blog
Posted By Gregory

Know more about intruder’s IP

Getting extra information about particular IP address from registry to find out country, abuse email and other details about intruder


To enable retrieving, check option: Drill down IP.

To view the information click on a particular IP address on the Activity tab.

Information about IP address

Information about the IP address noted with prohibited activity

Technical details

To get extra information like country, company, network info and abuse contact WP Cerber uses requests to a limited set of external WHOIS servers which are maintained by appropriate Registry. All Registry are accredited by ICANN,  so there are no reasons for security concerns. The retrieved information is not storing in the database but is caching for 24 hours to avoid excessive requests and get a faster response. While parsing of the response of the WHOIS server WP Cerber is trying to find out the country and abuse email and make it clickable. That allows you to send abuse report quickly if you want.

List of all Registries and WHOIS servers for IPv4

Note: On slow hosting, especially shared hosting, requests may take a while.

Troubleshooting

On the Activity tab you see the message: WHOIS: User has blocked requests through HTTP.

That means that outgoing HTTP requests are blocked by using WP_HTTP_BLOCK_EXTERNAL directive in the wp-config.php file. To get things work you need to add next line to the wp-config.php file:

define('WP_ACCESSIBLE_HOSTS', 'rest.db.ripe.net' );

On the Activity tab you see the message: WHOIS: Connection timed out (whois.iana.org).

That means that outgoing WHOIS requests was blocked by your hosting provider or some security module on your server (e.g. firewall). The WHOIS protocol is a TCP-based protocol designed to work on the port 43.  So, make sure that port 43 is reachable from your web server using TCP protocol and Apache process is allowed to establish outgoing connection to the TCP 43 port.

Have any questions?

If you have a question regarding WordPress security or WP Cerber, leave them in the comments section below or get them answered here: G2.COM/WPCerber.


I'm a team lead in Cerber Tech. I'm a software & database architect, WordPress - PHP - SQL - JavaScript developer. I started coding in 1993 on IBM System/370 (yeah, that was amazing days) and today software engineering at Cerber Tech is how I make my living. I've taught to have high standards for myself as well as using them in developing software solutions.

View Comments

Leave a Reply to Gregory
Cancel Reply