Does a reverse IP lookup on these addresses reveal anything?

Hello,

10.x.x.x is a "private" IP.

Do you have a way of tracking headers? If so, look for an “X-Forwarded-For” or similar. (It may not do any good. The only time I’ve ever seen IPs in 10--one of the Private Use ranges--is as the content of an X-Forwarded-For.* But it’s worth checking to see if something got garbled.)

I did get a new Galaxy 20 lately, but the problem occurs when I turn it off.

Please clarify this. What does your device have to do with your server, and what does either one have to do with other people’s connections?


* Rarely also in “Client-Ip” but this always duplicates X-Forwarded-For.

Reverse lookup just says "unknown." My web host tells me that any address starting with 10.30 is a local device, like a phone. I have a variety of IP addresses on the server access log but almost all of them start with 10.30: like 10.30.83. 30 and 10.30.83.51, etc.

It's as if some unknown device is changing the IP of all incoming traffic. But I don't know what device that could be. As mentioned, I got a Galaxy 20 phone recently, but the problem seems to continue when I power off that phone.

Are you sure the IP is 10.3... or could it be 103.21 or 103.22 or 103.31.

Or asked more simply, do you use Cloudflare?

Where is your server hosted? (You’re not hosting it locally yourself are you?)

What IP range(s) are you using for your local networks?

Turn the WiFi off on your new phone. Make sure you are using the mobile network - to test.

The IP addresses definitely start with 10.30. I am using a shared hosting platform with Network Solutions. I called them about this, but they said 10.30 means it's a local device, and they could help me no further. I had been monitoring my server logs without problems for the last three months (receiving the usual wide range of site access from different IPs), and this just began happening a few days ago: suddenly almost all the IPs start with 10.30.

It may be unrelated, but this problem also seemed to coincide with another problem: I started receiving "bad gateway" messages when attempting to load my domain. I had never seen that message before. I'm still seeing that message every now and then when I try to load my domain, although usually the problem goes away when I hit "refresh."

Not sure how to determine what IP addresses the Network Solutions server is using. I have wi-fi access in my home.

I'll try turning the wi-fi off on my phone. I think I tried that already, but I'll make sure with another test.

No. Still getting "local" devices listed that seem to be coming from China. Slurp China and Petalbot.

My access log still shows the 10.30 access after I have powered down my phone completely.

when my friend accesses my site, his IP address is shown as starting with 10.30

What is the user-agent in this case?

You mention "seem to be coming from China". But where is your friend?

I am using a shared hosting platform with Network Solutions. I called them about this, but they said 10.30 means it's a local device, ...

Did that not strike them as odd? A "local device" in that context implies a device on the same local network as your "remote" server?!

He's in northern Virginia. I had no way to match up his visit with a line in the access log, since all IPs start with 10.30. But I'm pretty sure that legitimate site visits do not show Petalbot. But there's tons of crawling going on, and they all say Petalbot.

I'm trying to contact Network Solutions again, now that I can at least explain the problem a little more clearly.

The cust service rep at my host seemed to think it was my own problem, because I had some device that was acting up. But nothing's changed app-wise with me except the recent acquisition of a Galaxy G20 a week ago, which wasn't causing a problem for the first few days I had it. Besides, the problem doesn't disappear when I power the G20 down.

Thanks for the input, everyone. Now my host says that others are having a similar problem and apparently someone is "working on it."

Now my host says that others are having a similar problem and apparently someone is "working on it."

I believe every word of this utterance--beginning with the unstated admission that once 95 other paying customers reported the same problem, they could no longer pretend it had nothing to do with them.

Right. I wish I had a dollar for every time an ISP has said to me: "There's no problem on OUR end."

Sorry, but if a host doesn't know that an IP address starting by "10.", is a device inside its own network, then I would change host immediately.

[edited by: Dimitri at 9:02 pm (utc) on Sep 2, 2020]

"THE CALLS ARE COMING FROM INSIDE THE HOUSE!"

Network Solutions is the original domain name provider which recently merged with Web.com. Sometimes you call and get a genius -- sometimes you call and get someone who is immediately on the defensive, probably because the caller knows much more about the topic than they do. It's hit or miss, kind of like the service that you get (or don't get) at a fast-food restaurant. At least I got them to stop playing "Pachelbel's Canon" over and over again, which they did for the better part of a decade -- to the point where I have flashbacks to Net-related problems every time I hear it. I sent the entire board of directors a 10-page letter with nothing but the words "Please stop playing Pachelbel's Canon over and and over and over again..." They finally ceased and desisted about ten years ago.

Yeah. "It's coming from inside your own mind!"

That's right: I was beginning to think that a spy from China was hiding in the nearby hedges to capture all my keystrokes. The only problem with that theory was, I am neither rich nor famous, so it's not clear to me why he or she would be making such an effort.

oh by the way, welcome to WebmasterWorld [webmasterworld.com], quasarnibs!

That's right: I was beginning to think that a spy from China was hiding in the nearby hedges to capture all my keystrokes

I did get a new Galaxy 20 lately

5G?

Aspiegel is the crawler for Huawei's new search engine. Most of the Aspiegel/Petalbot hits I've seen come from Chinese/APNIC IP ranges from their operation in Singapore.The "bad gateway" error could point to an issue with Netsol's hardware.

Regards...jmcc