Question

IP visitor comments is exactly like my IP droplet. So I can not cut off the spammers by their IP

I have site on wordpress, and IP visitor comments is exactly like my IP droplet. So I can not cut off the spammers by their IP. How to make that when someone write a comment on the website, admin panel recorded the actual visitor’s IP?

Subscribe
Share

Submit an answer
You can type!ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

@dvolob

Ok, here’s what we’re going to do. First, deploy a Droplet using Ubuntu 16.10 64bit, preferably a 1GB or 2GB instance. Since we’re running NGINX, PHP-FPM, and MariaDB plus the fact that you’re hosting multiple WordPress installations, we need more resources than would be available on an instance w/ only 512MB.

Once the Droplet is setup, login as root.

Installing NGINX, PHP 7.1.x + PHP-FPM, and MariaDB

Copy + Paste the command from here to the CLI.

You’ll see a dialog box pop up and ask “A new version of /boot/grub/menu.lst is available, but the version installed currently has been locally modified.” – simply hit enter (which selects “keep the local version currently installed”).

What the above command will do seems complex, due to size, but what it specifically does is:

1). Sync current packages against Ubuntu’s repositories. 2). Upgrade all existing packages to their latest versions. 3). Install the build environment needed for NGINX. 4). Install a new PPA so we can use PHP 7.1.x instead of 7.x. 5). Install the most used PHP packages, including PHP-FPM. 6). Download OpenSSL, PCRE, and ZLIB to compile NGINX. 7). Compile NGINX from source. 8). Remove files that we don’t need. 9). Install MariaDB

Once NGINX has finished compiling, it’ll begin installing MariaDB.

Securing MariaDB

Once MariaDB is finished up, we’ll run one more command to wrap up our software installation and to remove un-needed data from MySQL. Simply copy & paste the following command and hit enter.

mysql_secure_installation

In order, do the following:

1). Enter Current Root Password – Hit Enter (one hasn’t been set yet) 2). Set Root Password? – Type y, hit enter, and set a secure password. 3). Remove Anonymous Users? – Type y and hit enter. 4). Disallow root Login Remotely? – Type y and hit enter. 5). Remove test database and access to it? – Type y and hit enter. 6). Reload privilege tables now? – Type y and hit enter.

We’ve now successfully install NGINX from source, PHP 7.1.x + PHP-FPM, and MariaDB.

Configuring NGINX

Now, to get NGINX working the way we want, we need to modify a few files and create a few more directories. To get the directories created, we’ll run:

sudo mkdir -p /etc/nginx/sites \
&& sudo mkdir -p /etc/nginx/config/php

The above are simply storage directories for our websites and PHP configuration.

Now we’ll delete the current NGINX configuration file and create a new one with this configuration. Simply copy everything there and paste it in to the new nginx.conf file that we create with the below command.

sudo rm -rf /etc/nginx/config/nginx.conf \
&& sudo nano /etc/nginx/config/nginx.conf

Now let’s create our first website server block. We’ll store our website server blocks in the sites directory we created above, so:

sudo nano /etc/nginx/sites/example.com.conf

With that file open, we’ll paste in:

server {
    listen                                          80;
    server_name                                     yourdomain.com www.yourdomain.com;
    root                                            /home/yourdomain/htdocs/public;
    index                                           index.php index.html index.htm;

    location / {
        try_files $uri $uri/ =404;
    }

    include                                         /etc/nginx/config/php/php-fpm.conf;
}

Now we need to create our php-fpm.conf file which is required by the above server block. So like the above, we’ll create that file in our newly created php directory.

sudo nano /etc/nginx/config/php/php-fpm.conf

and paste in the contents from this gist.

NGINX is now configured and can be started by running:

nginx

When changes are made, you can reload those changes using:

nginx -s reload

Configuring PHP-FPM

The last thing we need to do is change the way PHP-FPM listens for connections. By default, it uses sockets. This is fine, TCP is most ideal for a multi-site environment.

So we need to open the existing file:

sudo nano /etc/php/7.1/fpm/pool.d/www.conf

and change:

listen = /run/php/php7.1-fpm.sock

to

listen = 127.0.0.1:9000

Then restart PHP-FPM:

sudo service php7.1-fpm restart

What Do I Do Now?

The server block we just created needs to be modified to match a real domain and you need to set a real root path so NGINX knows where to direct requests. Once this is done, you can create an index.php file in the root directory and test the configuration out.

From there, you can create a MySQL Database + User using the MySQL CLI or Adminer/phpMyAdmin (web-based interface) and test a WordPress installation.

How Do I Add New Sites?

You can drop new server blocks in /etc/nginx/sites/ and once set, reload NGINX to make the changes stick, i.e.

sudo nano /etc/nginx/sites/newsite.net.conf

Paste in your configuration…

nginx -s reload

Of course, create the directories for each site and make sure the root path is set for each domain.

You can in fact get a little more complex, but before we go in to creating PHP-FPM configurations for each account, I want to make sure we get this setup first!

@dvolob

Is there a specific reason you’re using both Apache + NGINX? I ask as unless you’re familiar with both and able to administer both, you’re really making things a multitude more complex than they need to be (i.e. you’re making your life harder).

Would you be open to allowing me to help you simplify things? By that, I mean dropping Apache and setting up with NGINX + PHP-FM + MariaDB (a drop-in replacement for MySQL).

If so, I can provide you with a very simple way of getting it all setup and you’ll only need to handle a few things afterwards.

If this block proxy_set_header X-Forwarded-For $ proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $ scheme;

is added to

location ~ \ .php $ { fastcgisplitpathinfo ^ (+ \ php…) $ (*.); root $ rootpath; include / etc / nginx / fastcgiparams; fastcgipass 127.0.0.1:9000; fastcgiparam REMOTEADDR $ httpxrealip; fastcgiindex index.php; }

all * .php starts to work! But IP is not transmitted at all, there is an empty space in site page where is to be output IP.

I make one-click image gentos 6 at first, and them install nginx and reverse proxy myself. I have several wordpress sites on this droplet. I use ispmanager.
that’s part of my nginx.conf : (46.xx.xx.xx and mysite.com - as an example)

user nginx; worker_processes 1; error_log /var/log/nginx/error.log warn; pid /var/run/nginx.pid; events { worker_connections 1024; }

http { include /etc/nginx/mime.types; default_type application/octet-stream; log_format main '$remote_addr - $remote_user [$time_local] “$request” ’ '$status $body_bytes_sent “$http_referer” ’ ‘“$http_user_agent” “$http_x_forwarded_for”’; access_log /var/log/nginx/access.log main; sendfile on;

keepalive_timeout  65;
gzip  on;
include /etc/nginx/conf.d/*.conf;
include /usr/local/ispmgr/etc/nginx.domain;
client_max_body_size 128M;
log_format isp '$bytes_sent $request_length';
server {
	server_name isptest.mgr;
	listen 80;
	disable_symlinks if_not_owner from=$root_path;
	set $root_path /var/www/mgrtest/data/www/isptest.mgr;
	location ~* ^.+\.(jpg|jpeg|gif|png|svg|js|css|mp3|ogg|mpe?g|avi|zip|gz|bz2?|rar|swf)$ {
		root $root_path;
		access_log /var/www/nginx-logs/mgrtest isp;
		access_log /var/www/httpd-logs/isptest.mgr.access.log ;
		error_page 404 = @fallback;
	}
	location / {
		proxy_pass http://46.xx.xx.xx:81;
		proxy_redirect off;
		proxy_set_header Host $host;
		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
		proxy_set_header X-Forwarded-Proto $scheme;
		proxy_set_header X-Real-IP $remote_addr;
	}
	location ~* ^/(webstat|awstats|webmail|myadmin|pgadmin)/ {
		proxy_pass http://46.xx.xx.xx:81;
		proxy_redirect off;
		proxy_set_header Host $host;
		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
		proxy_set_header X-Forwarded-Proto $scheme;
		proxy_set_header X-Real-IP $remote_addr;
	}
	location @fallback {
		proxy_pass http://46.xx.xx.xx:81;
		proxy_set_header Host $host;
		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
		proxy_set_header X-Forwarded-Proto $scheme;
		proxy_set_header X-Real-IP $remote_addr;
	}
	include /usr/local/ispmgr/etc/nginx.inc;
}
server {
	server_name mysite.com www.mysite.com;
	listen 80;
	disable_symlinks if_not_owner from=$root_path;
	set $root_path /var/www/user/data/www/mysite.com;
	location ~* ^.+\.(jpg|jpeg|gif|png|svg|js|css|mp3|ogg|mpe?g|avi|zip|gz|bz2?|rar|swf)$ {
		root $root_path;
		access_log /var/www/nginx-logs/user isp;
		access_log /var/www/httpd-logs/mysite.com.access.log ;
		error_page 404 = @fallback;
	}
	location / {
		proxy_pass http://46.xx.xx.xx:81;
		proxy_redirect off;
		proxy_set_header Host $host;
		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
		proxy_set_header X-Forwarded-Proto $scheme;
		proxy_set_header X-Real-IP $remote_addr;
	}
	location ~* ^/(webstat|awstats|webmail|myadmin|pgadmin)/ {
		proxy_pass http://46.xx.xx.xx:81;
		proxy_redirect off;
		proxy_set_header Host $host;
		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
		proxy_set_header X-Forwarded-Proto $scheme;
		proxy_set_header X-Real-IP $remote_addr;
	}
	location @fallback {
		proxy_pass http://46.xx.xx.xx:81;
		proxy_set_header Host $host;
		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
		proxy_set_header X-Forwarded-Proto $scheme;
		proxy_set_header X-Real-IP $remote_addr;
	}
	location ^~ /webstat/ {
		auth_basic "Restricted area";
		auth_basic_user_file /var/www/user/data/etc/920135.passwd;
		try_files $uri @fallback;
	}
	include /usr/local/ispmgr/etc/nginx.inc;
}

}

@dvolob

How was your Droplet setup? Did you use a one-click image or did you install all software yourself? We need to know more about how your Droplet was setup before we can help.

To me, initially, it seems like you’re using a reverse proxy and that correct headers are not being sent, so when WordPress queries for the visitor IP, it’s reverting to the server IP as it can’t determine the real IP.

Yes, I checked the log access, and there I see that a comment has the same IP address of the site.
If the user surf on the site, the logs can see its real IP. If the user writes the comment, IP changes to droplet IP.

Are you using a reverse proxy? Did you check the access logs?