Katog Choling
New Pleskian
- Server operating system version
- Ubuntu 22.04.3 LTS
- Plesk version and microupdate number
- Plesk Obsidian 18.0.55.0
Using Cloudflare (free tier), my plesk.log doesn't show the real IP address. I've successfully configured the real IP logging for Nginx and Apache using the information here, which is working fine for the nginx and apache logs etc. However, it doesn't seem to have any effect on the plesk.log which only shows the Cloudflare IP.
The reason this is a problem is that a nefarious source is attempting to log into the panel every 11 minutes and I'd like to block the IP - but it's only showing the Cloudflare address:
panel.log
Is there a way to get the plesk.log to record the real IP?
Is there another way to find the real IP?
How can I block this?
The reason this is a problem is that a nefarious source is attempting to log into the panel every 11 minutes and I'd like to block the IP - but it's only showing the Cloudflare address:
panel.log
Code:
...
[2023-09-06 14:58:59.533] 73515:64f893b382232 ERR [panel] Somebody tries to use the secret key for API RPC "36" from "162.158.38.254"
[2023-09-06 14:58:59.563] 73515:64f893b382232 ERR [extension/rest-api] [Action Log] Failed login attempt with login '<invalid>' from IP 162.158.38.254
[2023-09-06 15:09:56.988] 73655:64f89644f1287 ERR [panel] Somebody tries to use the secret key for API RPC "36" from "162.158.230.2"
[2023-09-06 15:09:57.024] 73655:64f89644f1287 ERR [extension/rest-api] [Action Log] Failed login attempt with login '<invalid>' from IP 162.158.230.2
[2023-09-06 15:20:51.101] 73845:64f898d318924 ERR [panel] Somebody tries to use the secret key for API RPC "36" from "162.158.38.254"
[2023-09-06 15:20:51.129] 73845:64f898d318924 ERR [extension/rest-api] [Action Log] Failed login attempt with login '<invalid>' from IP 162.158.38.254
[2023-09-06 15:31:36.396] 74038:64f89b5860b89 ERR [panel] Somebody tries to use the secret key for API RPC "36" from "162.158.38.254"
[2023-09-06 15:31:36.430] 74038:64f89b5860b89 ERR [extension/rest-api] [Action Log] Failed login attempt with login '<invalid>' from IP 162.158.38.254
Is there a way to get the plesk.log to record the real IP?
Is there another way to find the real IP?
How can I block this?