a month ago
Hello,
Quite recently, we noticed our WordPress site got injected with XSS and patched it up. After installing WordFence, a popular security plugin, we noticed something a little odd.
We've been receiving failed login attempts and while some of them are from the culprit who carried out the attack, there are other login attempts, likely bots, trying to brute force the authentication.
The reason why we're contacting you is that, the recorded IP addresses are all reserved IP addresses, which we suspect is from another service on Railway. Could you look into it? Thanks in advance.
Pinned Solution
a month ago
A lil update: the IP shown in the screenshot is from Railway's proxy. The UI doesn't trust the proxy headers (which contains the real IP), and as a result, logs Railway's proxy IP.
4 Replies
a month ago
This thread has been marked as public for community involvement, as it does not contain any sensitive or personal information. Any further activity in this thread will be visible to everyone.
Status changed to Open Railway • about 1 month ago
a month ago
If you're using a custom domain, I'd recommend migrating to Cloudflare's DNS, as they provide services that fight bots and can protect against scrapers/attacks.
I'll check with the team about this as well.
a month ago
A lil update: the IP shown in the screenshot is from Railway's proxy. The UI doesn't trust the proxy headers (which contains the real IP), and as a result, logs Railway's proxy IP.
a month ago
Oh, that makes sense... Was really curious about the IP addresses being reserved IP addresses.
Thank you for the response.
Status changed to Solved Railway • about 1 month ago