1. Home
  2. Forums Index
  3. Server Side / WordPress 1:17 am May 21, 2026

Forum Moderators: rogerd & travelin cat

Message Too Old, No Replies

Why Would Blocking a RIPE IP Address Block Cause Wordpress to Break?

Blocked large RIPE IP range which caused WP layout to break

         

Webwork

3:35 pm on May 26, 2016 (gmt 0)

WebmasterWorld Administrator 10+ Year Member Top Contributors Of The Month



I blocked a large range of APNIC and RIPE IP A blocks last night in a test of targeting / excluding traffic, bots, hackers, etc and thought nothing of it. (For this test I blocked RIPE's 77.0.0.0/4, which is a huge swath of IP addresses.)

This morning I visited one of my sites and discovered that the site's layout was broken. All the content displayed but only in linear / top down form.

I was unable to login to WP, as each time I entered my UN / PW into the login popup and hit "enter" the login panel simply reset. So . . methinks I'm hacked via WP.

I was able to login to each site's cPanel so I checked via PHPMyAdm for new users. None. A quick check for newly modified files didn't reveal anything.

I go to check another site and it's in the same condition. Check a 3rd site. Ditto.

I start to think "WP hack or server hack?". I don't see any notices on WP.org of new hacks, I've kept things updated and, for a variety of reasons - including the variation of site themes, plugins, etc. - I lean towards thinking the hack is not rooted in WP but possibly in the server.

Being a bit slow to default to Occam's razor type thinking, instead of starting by pulling down all the IP addresses that I blocked (via a WHM PreVirtual Host include file), I start by culling other configurations in the PreV include file: caching commands, etc. Problem persists.

Then, I decide to cull all the blocked IP addresses, which makes no sense to me but . . what the heck.

BAM! All sites again are formatted correctly . . leading to a "WTF?" moment. As in why the frack should a RIPE IP address / IP range have any effect or control over how my websites display.

Is anything of WP's function dependent on WP "calling anything" from a RIPE IP address? I use very few plugins and the only culprit I can think of is SuperCache . . though I'm not sure why SuperCache would be dependent on any form of "call".

I'm using both the Thesis and Genesis frameworks and sites of both flavors were borked, so I don't believe it's a matter of the frameworks calling a remote address.

What has me concerned is the possibility that IF (apparently so) ALL my sites are somehow displaying based upon a call to a remote IP that, in that case, I likely am hacked in some way . . but nothing anywhere is confirming this. Not a Securi check. Not Google WMT. I'm just not seeing other signs of a hack. No bandwidth jumping, etc.

Is it possible that some library is being called from a RIPE IP range which library is required by all WP sites to display properly?

I'm baffled . . and concerned.

not2easy

4:34 pm on May 26, 2016 (gmt 0)

WebmasterWorld Administrator 10+ Year Member Top Contributors Of The Month



When baffled, check headers. See what resource was requested and not found. The range mentioned covers a lot of territory.
</understatement>

Webwork

5:47 pm on May 26, 2016 (gmt 0)

WebmasterWorld Administrator 10+ Year Member Top Contributors Of The Month



Thx for the suggestion. It's a practice I've failed to develop, study, learn. Soooo . . just downloaded the Chrome extension.

Of course, when I add back in the "culprit" IP range to WHM - to replicate the problem and then check headers - the problem does not reappear. The sites are now loading . . just fine.

I love technology. :(

Of course, while checking headers, I see several 403 codes being sent that don't correspond to what I'm seeing with my eyes. For example, "403 http://example.com/category/business" yet that category page loads.

I wish I was waaay smarter than I am. Being baffled is not my favorite feeling. :-/

[edited by: travelin_cat at 8:01 pm (utc) on May 26, 2016]

lucy24

7:57 pm on May 26, 2016 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



I see several 403 codes being sent that don't correspond to what I'm seeing with my eyes.

Any chance the browser is using a cached version as a fallback? (Not that, in my experience, browsers actually do this: if they've got a usable cached file they simply don't make the request in the first place.)

Did you mean being sent, or being received? It's not always the same thing.*

when I add back in the "culprit" IP range to WHM - to replicate the problem and then check headers - the problem does not reappear.
Still a little worrying, because who's to say the problem won't recur? For example if there were mirror sites living in unrelated IP ranges, then the whole thing is effectively random as far as the user is concerned.


* This is near the top of the list of Things It Took Me Years To Wrap My Brain Around.

ergophobe

8:03 pm on May 26, 2016 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



By "the extension" you mean HTTPLiveHeaders?

You don't actually need an extension, just open up Inspect and you have a ton of tools there, but look specifically in the console and you will generally get error messages for resources that don't load.

Webwork

9:19 pm on May 26, 2016 (gmt 0)

WebmasterWorld Administrator 10+ Year Member Top Contributors Of The Month



Lucy, I cleared my cache as part of this process to . . I don't think it's a cached version. Will x2check.

Received. Argh.

Ergo, yes. LiveHTTPHeaders. Uncertain what you mean about "just open up inspect". Not seeing a link or any text on Chrome that says "Inspect".

keyplyr

12:28 pm on May 27, 2016 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



Webwork - is your WP layout using anything (plugin, script) that is coming from a remote server? Check all HTTP connections. Possibly you have blocked one (or more) by mistake.

Next thing I'd check is your error log. If your site layout is broke then there are errors logged.

ergophobe

2:47 am on May 29, 2016 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



Webwork - If you're in Windows, just right click on any page and choose Inspect from the context menu.

That opens a half dozen tools (at least)
- Elements is your complete DOM/CSS inspector
- console will show you what's happening with Javascript and also various error messages
- sources will show you pretty much all the files loaded on the page
- network will show various things about network performance
- timeline will show you what loads when and what might be holding up pageloads
- profile - never used it. No idea what it does
- resources - lets you see your HTML5 local storage, inspect cookies loaded by the page and so forth
- security - shows basic connection and cert info
- audit will run a report similar to pagespeed suggesting improvemtns

You can get extensions that will add a lot of data. For example, the Google Tag Assistant will let you debug Google Analytics in the Console. I've been using that one a lot lately to get to the bottom of some analytics issues.
 

Join The Conversation

Moderators and Top Contributors

Hot Threads This Week

  1. Home
  2. Forums Index
  3. Server Side / WordPress 1:17 am May 21, 2026