Weird IP behavior for the last few weeks.


Scalemotorcars
10-14-2020, 08:13 PM
So I keep getting DB errors and it looks like someone is trying to hack the site.

Of the last 100 or so most recent registrations, all have IP addresses that look almost exactly the same. They start with 10.30.94. And all the DB errors are coming from 2 IPs. Also, this IP range seems to be private so I can't get a fix on where it's coming from. Maybe everyone is using VPNs???

So, of course, I blocked the IP and did a wildcard on the end but then I myself, the admin, got locked out of the site. Not the backend but I definitely got locked out of the front end. My IP is nothing like this so now I'm curious. Maybe it's some kind of glitch in the system that keeps recording the same or almost the same IP when someone new registers.

Now to be clear a few of these members with the same exact IP actually posted legit messages but I have like 100 members with the same IP. ???

It looks very fishy to me but I figured I would run it by you guys here before I start deleting accounts.

In Omnibus
10-15-2020, 01:01 PM
Do you use Cloudflare or something similar?

Scalemotorcars
10-15-2020, 02:18 PM
Hosted on Register.com

I thought it had something to do with the forum spam plugin I'm using. They switched from http to https but I changed the links in the plugin. I then did some digging in the DB and noticed the same User ID keeps popping up in the DB errors. With this, the weird thing is it appears to be coming from the integrated Photopost plugins. Also when I blocked the IP above the DB errors increased.

Hostboard
10-15-2020, 02:59 PM
Have you tried to use .htaccess instead of vBulletin?


order allow,deny
deny from 192.168.0.1
allow from all

Scalemotorcars
10-15-2020, 06:37 PM
Yes I actually have a bunch of countries blocked by .htaccess along with a blacklist. The weird part is that all new registrations are coming from the same IP range 10.30.94 (100-201). I can't seem to find out why? The IP recorded on the site for new members isn't their actual IP. I had a friend register and his IP came up in the same range listed above where I know it's completely different.

z3r0
10-16-2020, 03:53 AM
It looks like your host may have put something in front of your site.

You could try adding the following to your config.php file and see if the IPs sort themselves out.

$config['Misc']['proxyipheader'] = 'HTTP_X_FORWARDED_FOR';
define('USE_VB_ALT_IP', true);

Scalemotorcars
10-16-2020, 03:27 PM
Thanks for the code, I'll give this a try. Could you tell me a safe area of the config file to put this?

Edit, I added it to the end. Let's see if this fixes it. I'll post back just in case someone else runs into this.

Scalemotorcars
10-17-2020, 07:22 PM
Well nuts, that didn't work. All that happened is the entire site DNS IP was blocked. It looks like my host is using something like Cloudflare or changed something with the Apache server. I'll give them a call and see if I can get it sorted.

z3r0
10-18-2020, 04:47 AM
Actually I've just looked at your site and I don't think that would have worked anyway as it looks like you are on 4.2.2 and I don't think the proxy header stuff went in until 4.2.4.

Looking at your page response headers, if you say you are on an Apache server then there has definitely been something placed in front of the site.

Hostboard
10-22-2020, 12:33 PM
I use the pro version of this:
https://vborg.vbsupport.ru/showthread.php?t=282525

This allows me to easily identify multiple registrations per IP.

I believe if you ask Joe he will send it or make it available as he is no longer selling and has released the Pro versions here in the past.