: Wordpress security from bots One of my clients website is getting massive traffic from China most of which are bots. These bots are hitting the site nonstop causing the VM to use very high

Posted in: #Botattack #Security #Wordpress

One of my clients website is getting massive traffic from China most of which are bots. These bots are hitting the site nonstop causing the VM to use very high cpu and memory. As a result it is costing my client my as the site is hosted on cloud.

I have Blocked most of the IPs. I even blocked the whole country but that does not seem to help. Still the site is getting massive amount of hits per minute.

These bots are hitting one specific URL which had a Email form. I removed the email form. Changed the URL and even redirected the old url to a different site.

But none of these seem to have any effect of the CPU and RAM usage. Any help is appreciated.

Thanks

10.01% popularity Vote Up Vote Down

: Mobile Usability Error I don't quite understand how the mobile usability works but it is detecting the problem on the wp-includes path when using wordpress. What can do to stop it?

@Bryan171

Posted in: #Error #GoogleSearchConsole #Mobile #Wordpress

1 Comments

: Angular2 : 'Fetch as Google' doesn't render page I am working on Angular2 based web app. I used Angular CLI to generate app and then to build it for prod. I have hosted website on AWS S3

@Bryan171

Posted in: #AngularJs #FetchAsGoogle #Googlebot #GoogleSearchConsole

0 Comments

: Does Angular browser language detection and redirection affect SEO? I'm building an Angular app that supports English and Japanese. The main site: domain.com, is displaying in Japanese. The other

@Bryan171

Posted in: #AngularJs #Multilingual #Seo

2 Comments

: How do I disable socket.io cookie named io server-side? I needed to disable the socket.io cookie named io server-side. I follow the path to file creating the cookie to a file located at C:socket.ioexampleschatnode_modules

@Bryan171

Posted in: #Cookie #NodeJs #Server

2 Comments

Login to post a comment!

1 Comments

Sorted by latest first Latest Oldest Best

@Heady270

Block IP Addresses

If you find that certain IP addresses are hitting your site over and over, you can block them individually in .htaccess

Order Deny,Allow
Deny from 1.1.1.1
Deny from 2.2.2.2
Deny from 3.3.3.3

Too many rules are required to block entire regions of the world by IP address in .htaccess. For example blocking the US would require 150,000 lines of text. (Source)

Block User Agents

If the bots are not spoofing major browsers, you can block them by user agent:

# Bot Blocker
<IfModule mod_setenvif.c>
SetEnvIfNoCase User-Agent ^$ keep_out
SetEnvIfNoCase User-Agent (pycurl|casper|cmsworldmap|diavol|dotbot) keep_out
SetEnvIfNoCase User-Agent (flicky|ia_archiver|jakarta|kmccrew) keep_out
SetEnvIfNoCase User-Agent (purebot|comodo|feedfinder|planetwork) keep_out
<Limit GET POST PUT>
Order Allow,Deny
Allow from all
Deny from env=keep_out
</Limit>
</IfModule>

(Source)

Other techniques

This article has a number of other techniques that you can use. The article explains each one very well, so it would be better to read the details about each one there.

Find hosting that does the blocking
Use a CDN
Install Apache modules such as MaxMind
Implement blocking in your application (such as PHP)
Use routing tables
Use ModSecurity on the webserver
Use a proxy service such as CloudFlare

10% popularity Vote Up Vote Down

Feed

: Wordpress security from bots One of my clients website is getting massive traffic from China most of which are bots. These bots are hitting the site nonstop causing the VM to use very high

More posts by @Bryan171

: Mobile Usability Error I don't quite understand how the mobile usability works but it is detecting the problem on the wp-includes path when using wordpress. What can do to stop it?

: Angular2 : 'Fetch as Google' doesn't render page I am working on Angular2 based web app. I used Angular CLI to generate app and then to build it for prod. I have hosted website on AWS S3

: Does Angular browser language detection and redirection affect SEO? I'm building an Angular app that supports English and Japanese. The main site: domain.com, is displaying in Japanese. The other

: How do I disable socket.io cookie named io server-side? I needed to disable the socket.io cookie named io server-side. I follow the path to file creating the cookie to a file located at C:socket.ioexampleschatnode_modules

Login to post a comment!

1 Comments

Back to top | Use Dark Theme