Piwik shows visitors logged in twice within minutes and with 2 different IP Addresses


#1

We have been using Piwik for about a month, and have been very pleased. An issue that we have been working on is the Piwik log indicates that one username has logged in twice within minutes from 2 different IP addresses.
One IP Address is always a Trendmicro IP Address from Japan and the other IP address seems to be the one the user has always used in the past.in the US. We have been testing and comparing, trying to determine if our website login is being hacked. Any suggestions or ideas are very much appreciated.


#2

could the user be accessing from a proxy? some people now like to use proxy anonymizers when they browse? maybe a mobile browser? so one login is from a wifi local connection the other accessed from a mobile network browser?


#3

Good idea, but I don’t think so because it is many of our customers.


#4

to verify you have many customers logging onto your stite and this occurs?

if so are they logging on locally (via intranet) or via regular internet?

when they login is there any sort or redirect to a back end system?


#5

ask your it department if they are using any firewall rules that could be causing the visits to be passed through or cheked via the external ip. im guessing its firewall related here.


#6

We use an ASM F5 Big IP as a proxy, so all web requests go through F5. Yet, not all users are double logged in. We suspect that some of our user logins might be being used by someone else along with the valid user.


#7

how is someone deemed a valid user? any sort of login.? registration?


(Matthieu Aubry) #8

see Installation - Analytics Platform - Matomo


#9

How do I get to the configuration file in config/config.ini.php. We do not host Piwik on our server.


#10

Anyone who visits the website is a valid user. Some users log in to their account. All must go through the F5 ASM proxy server.