Know more about intruder’s IP
Getting extra information about particular IP address from registry to find out country, abuse email and other details about intruder
To enable retrieving, check option: Drill down IP.
To view the information click on a particular IP address on the Activity tab.
Information about the IP address noted with prohibited activity
Technical details
To get extra information like country, company, network info and abuse contact WP Cerber uses requests to a limited set of external WHOIS servers which are maintained by appropriate Registry. All Registry are accredited by ICANN, so there are no reasons for security concerns. The retrieved information is not storing in the database but is caching for 24 hours to avoid excessive requests and get a faster response. While parsing of the response of the WHOIS server WP Cerber is trying to find out the country and abuse email and make it clickable. That allows you to send abuse report quickly if you want.
List of all Registries and WHOIS servers for IPv4
Note: On slow hosting, especially shared hosting, requests may take a while.
Troubleshooting
On the Activity tab you see the message: WHOIS: User has blocked requests through HTTP.
That means that outgoing HTTP requests are blocked by using WP_HTTP_BLOCK_EXTERNAL directive in the wp-config.php file. To get things work you need to add next line to the wp-config.php file:
define('WP_ACCESSIBLE_HOSTS', 'rest.db.ripe.net' );
On the Activity tab you see the message: WHOIS: Connection timed out (whois.iana.org).
That means that outgoing WHOIS requests was blocked by your hosting provider or some security module on your server (e.g. firewall). The WHOIS protocol is a TCP-based protocol designed to work on the port 43. So, make sure that port 43 is reachable from your web server using TCP protocol and Apache process is allowed to establish outgoing connection to the TCP 43 port.
Have any questions?
If you have a question regarding WordPress security or WP Cerber, leave them in the comments section below or get them answered on the community forum.
Spotted a bug or glitch?
We’d love to fix it! Share your bug discoveries with us here: Bug Report.
WP Cerber Security 8.7
Managing WordPress application passwords a hassle-free way
I'm a software engineer and team lead at Cerber Tech. I started coding in 1993 on IBM System/370 and today software engineering at Cerber Tech is how I make my living.
How do I get real user IP behind load balancer? My machine is behind AWS ELB, and the IP is bypassed by X-Forwarded-For, is there any settings related to that?
You just have to check My site is behind a reverse proxy. This checkbox is located: Main Settings tab, section ‘Limit login attempts’. The plugin will try to extract IP addresses from the HTTP_X_FORWARDED_FOR header. If there is no address in there, the plugin will try to take it from the HTTP_X_REAL_IP header. If you have unusual (and definitely weird) web server configuration you can define constant CERBER_IP_KEY and the plugin will use it as a key to obtain IP addresses from the $_SERVER PHP variable.
Thank you thank you thank you! We have load balancers also and that’s exactly what we needed.