XF 2.2 guest IP is from my server, am I hacked?

R

realaqu

Active member
When I looked at the guest ip list this morning, I found one guest's IP is my hosting server's IP, it is running on an old centos 6 for many years, is it normal or I m hacked, any inputs?
 
Sort by date Sort by votes
duderuud

duderuud

Well-known member
CentOS6? Really? That went eol in 2020 so yeah, high probability your server is hacked.
Create a backup of your DB and web files, reinstall your server asap and import your data.

And check your files to see if they are compromised .
 
Upvote 0 Downvote
mattrogowski

mattrogowski

Well-known member
It's far more likely to be XF simply doing a cURL request to itself, for example for a thread URL unfurl. If you try it, and post a URL to a thread and wait for it to make the unfurl request, you'll see a guest viewing that thread (because there's been a request made to it) and the IP will be that of the server (because the sever is making the HTTP request which starts up a guest session when browsing the thread). I don't see how or why a hacker would be making internal requests to the forum.
 
Upvote 2 Downvote
R

realaqu

Active member
mattrogowski said:
It's far more likely to be XF simply doing a cURL request to itself, for example for a thread URL unfurl. If you try it, and post a URL to a thread and wait for it to make the unfurl request, you'll see a guest viewing that thread (because there's been a request made to it) and the IP will be that of the server (because the sever is making the HTTP request which starts up a guest session when browsing the thread). I don't see how or why a hacker would be making internal requests to the forum.
Click to expand...
Thanks, that make sense, I ll keep watching on it
 
Upvote 0 Downvote
duderuud

duderuud

Well-known member
mattrogowski said:
It's far more likely to be XF simply doing a cURL request to itself, for example for a thread URL unfurl. If you try it, and post a URL to a thread and wait for it to make the unfurl request, you'll see a guest viewing that thread (because there's been a request made to it) and the IP will be that of the server (because the sever is making the HTTP request which starts up a guest session when browsing the thread). I don't see how or why a hacker would be making internal requests to the forum.
Click to expand...
Agreed. But a supported OS is the more pressing matter for now...
 
Upvote 0 Downvote
You must log in or register to reply here.

Similar threads

PatriotGB
How to prevent banned ip showing up as guests in "online" widget.
Replies
5
Views
588
digitalpoint
digitalpoint
RG70Hz
  • Question
XF 1.2 SMTP Mail Server Not Working Properly
2
Replies
25
Views
478
RG70Hz
RG70Hz
tristan9
Xenforo and edge caches
Replies
5
Views
571
motowebmaster
motowebmaster
Harvey
  • Question
Server Upgrade Problems
Replies
13
Views
612
Tracy Perry
Tracy Perry
karll
  • Question
XF 2.2 No IP logs were found for the requested user
Replies
1
Views
475
HotRodCarts
HotRodCarts
Top