cancel
Showing results for 
Search instead for 
Did you mean: 

Online customers show several IP Addresses from same place

SOLVED

Online customers show several IP Addresses from same place

I'm not sure if this question belongs here or somewhere else, but there isn't a topic for security related problems, just for security patches. Anyway, when I look at the Online Customers it shows me about 1400 guests all from the IP Address 180.76.15.* which is from Beijing, China. Normally I wouldn't question this, but seeing as it is so many from the same IP Address range, it has me worried. Especially when you add in the fact that most of the Session Start times and last activity are only a couple seconds apart. Same with the Session Start times in the list of the IP Addresses. Any ideas?

5 REPLIES

Re: Online customers show several IP Addresses from same place

hi,

those are probably the bots scanning your store. we usually just block the whole c-class of those IPs on the server, especially if you do not sell to that country. nothing good will come from them anyway.

Anton Pachkine @ magento2.hosting : Magento Managed Package. Get your e-commerce health checkup at http://ecommerce.fitness

Re: Online customers show several IP Addresses from same place

@Finestshops

 

So I blocked the range of IP addresses and somehow when I did that, I gave myself a 500 internal server error (I think that is what it was. I undid it right away so I don't remember) so unless I did something wrong...?

 

What I did was add 

Deny from 180.76.15.0/163

to the .htaccess file.

Re: Online customers show several IP Addresses from same place

correct way:

 

 

Order Deny,Allow
Deny from 180.76.0.0/16
Anton Pachkine @ magento2.hosting : Magento Managed Package. Get your e-commerce health checkup at http://ecommerce.fitness

Re: Online customers show several IP Addresses from same place

@Finestshops

 

I've done this and the IP Addresses are still showing up in online customers as before.

Re: Online customers show several IP Addresses from same place

try to restart apache to clear connections.

you can test it by adding your ip the same way - you should not be able to open your store in the browser but it will not prevent you from opening ftp or ssh to remove your IP from .htaccess

you can also ask your host to block those IPs on the firewall.

 

Anton Pachkine @ magento2.hosting : Magento Managed Package. Get your e-commerce health checkup at http://ecommerce.fitness