Is the highlighted activity log coming from WPML?

This thread is resolved. Here is a description of the problem and solution.

Problem:
The client noticed server activity logs showing an "Unknown Guest" with an IP address (44.213.71.100) suspected to be related to WPML. This activity was recorded when the client's developer was editing translations through WPML's Advanced Translator.

Solution:
We investigated the issue and determined that the IP address is from the United States - Virginia, which could be an AWS server or someone using a VPN. We asked the client to consider if anyone else had access to the site, if credentials were shared publicly, or if they worked with a supporter who might be from the United States or using a VPN. We also recommended changing credentials for safety. After further investigation and communication with our development team, we concluded that the activity might not be related to WPML. The client's hosting service, Rocket.net, uses a server-side tool that we do not have control over, and it is difficult to determine the source of the activity. Our team also noted that during translation updates, multiple requests are sent, not just two, which the tool logged. Since the tool operates server-side and not within WordPress, and there are no other similar reports, it is challenging for us to provide a definitive solution.

If you're experiencing similar issues with activity logs and suspect it might be related to WPML, we recommend checking your server logs for any unusual activity and considering the points we raised with the client. However, please note that this solution might be irrelevant due to being outdated or not applicable to your case. If the issue persists, we highly recommend checking related known issues, verifying the version of the permanent fix, and confirming that you have installed the latest versions of themes and plugins. If you need further assistance, please open a new support ticket.

This is the technical support forum for WPML - the multilingual WordPress plugin.

Everyone can read, but only WPML clients can post here. WPML team is replying on the forum 6 days per week, 22 hours per day.

Tagged: Exception

This topic contains 17 replies, has 2 voices.

Last updated by Mihai Apetrei 1 year, 9 months ago.

Assisted by: Mihai Apetrei.

Author	Posts
January 29, 2024 at 1:51 pm #15238609
Mihai Apetrei WPML Supporter since 03/2018 Languages: English (English ) Timezone: Europe/Bucharest (GMT+02:00)	Hi Mario. I am still looking forward to hear from my colleagues, it is a super busy period and also, taking into consideration that this issue can't be tested in the backend of WordPress, I am not even sure if they will be able to do something with this in the end, but I just wanted to let you know that I am still waiting to hear from them. Sorry for the delay. I am leaving the ticket assigned to myself, of course. Mihai
January 29, 2024 at 10:59 pm #15241204
marioL-27	Hi Mihai, All good 🙂 there's no hurry, just for the long term it might be good to solve.
February 2, 2024 at 10:40 pm #15261407
Mihai Apetrei WPML Supporter since 03/2018 Languages: English (English ) Timezone: Europe/Bucharest (GMT+02:00)	Hi Mario. I am back with an answer from our dev team. First of all, please let me say "thank you" once again for the amazing patience that you have shown. I appreciate this as our team has been going through a very busy period. This rocket.net service seems like an SaaS type of service and from what we understood it is happening/running on the server side. We don't really have control over what this tool is picking up and our team also could not 100% determine it was coming from us. It could have been a REST call which is a WP standard but since it points to an AWS server, it could be anything and we have no idea how they (the tool) determine the source or where they (the tool) "read" the info to determine it. So, unfortunately, there's not much that our team can do in regard to this. Also, this is the very first time someone has reported this type of situation. During update / create translations - in case of automatic translations we are sending multiple requests, not only 2: Cancel existing job, Create new job, Syncing job statuses, downloading xliff job, sending to ate confirmation that job has been received. It is strange that this tool has only 2 requests caught by logs when we are sending way more. Also, we could not figure out which IP address were addressed with the problematic request since it's AWS and it probably depends on location - our team has totally different IPs in the tests they ran. So, that's all I can say - I wanted to make sure that I gather as much information as possible from the research and test they conducted so that you are well informed of why we think there's a big chance this might not be WPML. But, once again, taking into consideration that the respective tool runs on the server side and not inside WordPress, and taking into consideration that there are no other reports at this point, it is pretty hard to do more. I hope that you will find all this information insightful. Mihai
February 3, 2024 at 11:42 am #15262001
marioL-27	Thank you Mihai, I still discussed with my hosting, and I guess that we'll just let this case to rest then. If we somehow can't have a way to identify, then I'll just start ignoring the "unknown" users in our backend logs. All the best!