We've been having a lot of trouble with spam recently. I suspect it is because IPs that would normally be blacklisted appear as local IPs. Has this happened to anyone else, and is there any way to fix this behaviour? I have a feeling that it may be related to SSL, but I have no clue...
The only way this would happen is if you are doing something in config.php to change the IP (or an add-on is). Or if that is actually the real IP (requests coming from the same server). A third option would actually be for this to be from the server itself misreporting, likely due to a misconfiguration.
Have you setup anything in config.php to change $_SERVER['REMOTE_ADDR']? Does this still happen with add-ons disabled?
I only have the database access information in my config.php. The problem remains when I disable addons (with
$config['enableListeners'] = 0; ). Strangely enough bots seem to always have their IP correctly reported, while most users show as 127.0.0.1.
The contents of _SERVER["REMOTE_HOST"] are: 81.***.***.**3, 127.0.0.1 (the stars are just censored digits from my IP, which does indeed display correctly). So it lists both my IP and 127.0.0.1 after a comma.