Support

Hi,
My site blocked itself. There are DFIShield attacks on non existent Target URLs from my own server IP address.
What is the cause and remedy?

Thanks,
Dennis

First, we need to disable Admin Tools. You can use the instructions here to do that, look at the "Using FTP to regain access to your site's administrator" instruction.

Now you can log in. You need to unblock the server's IP address. There may be a large "Unblock my IP" button at the top of the Admin Tools screen. If it's there, that will do it.

Then go to Web Application Firewall, Configure WAF, on the first tab, flip the value in "Enable IP workarounds", if it is Yes, make it No or vice versa.

Now you can rename the main.php file that you renamed above to enable Admin Tools again.

Thank you. Can you please tell me why this occurred? How can the attacks come from my IP address?
I’d like to give my client a reasonable explanation.

Thanks,
Dennis

Dennis,

You have another server in front of your web server. It may be a CDN, Cloudflare, load balancer, etc. That server gets traffic first, then forwards it to the web server. It also forwards both its own IP and the "source" IP, the visitor's actual IP. There is a standard for which order these IPs are supposed to be sent, but there is a LOT of variety in how hosts actually set them up. If the IPs are backwards, Admin Tools thinks all of your traffic - and all your security exceptions - are coming from the first server, not from the actual visitor's IP. IP Workarounds switches the order of the two forwarded IP addresses. It is a very common problem.

Dale,
Thank you for the explanation. I greatly appreciate your time and patients.

You're welcome!

This ticket has been automatically closed. All tickets which have been inactive for a long time are automatically closed. If you believe that this ticket was closed in error, please contact us.