apparently i did some tests i know what my actual external ip is but when i go to admin panel go to my user name and click on ip addresses i see mine original ip like 1-2 weeks old even i logged into it now and is see many other ip address that are not mine. when i trace them they all go to cloudflare inc, since i use cloudflare as my dns and WAF + performance increases.
i also recently installed this add one: http://xenforo.com/community/resources/xenloginsecurity-ip-address-account-login-security.1194/
to increase security when i add my original ip i get when i google whats my ip and log out and back in it say invalid ip but when i add the ip that does not belong to be and traces back to cloudflare it lets me login.
its like every one who logs in is sharing a random given spoofed ip address and this makes it hard to ip ban people especially since every one has a turn at using these spoofed ip address from cloudflare. so i am unsure how to stop this since i only want to see the actual ip not some spoofed/hidden random ip <-- this happens to everyone who logs into my site