We noticed this due to the system overview widget not displaying the correct information on a fresh install - After mentioning it to Aleksa, of course he had a solution in exactly* 14 seconds! This could potentially affect Maxmind, Fraudlabs or our very own Fraudrecord Query plugin, Albeit in a slightly different way! The worst part is it's difficult to notice at times, We'd both missed it previously as it's not triggering the fraud check whatsoever thus it lulls you into assuming people have just passed the check. It's important to note we think it's a Cloudflare change rather than a Blesta one and doesn't seem to affect everyone but, this should tide you all over for now! So here it is:

Navigate to:

/core/ServiceProviders/Requestor.php 

 Then on line 89, last return of the getIp function:

return ($forwarded ? explode(',', $_SERVER['HTTP_X_FORWARDED_FOR'])[0] : $ip);

You should now get accurate information fed back and fraud checks being fully functional again. If you have any questions hop on into the Discord for a chat!
 

*I did not time Aleksa on his resolution, I went for a coffee and came back to see he'd replied!