Cloudron makes it easy to run web apps like WordPress, Nextcloud, GitLab on your server. Find out more or install now.


    Cloudron Forum

    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular

    Blackhole for Bad Bots - proposing this as a default install

    WordPress (Managed)
    5
    19
    558
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • marcusquinn
      marcusquinn last edited by

      • https://wordpress.org/plugins/blackhole-bad-bots/

      We find this very effective as a lightweight general protection compared to the heavier do-it-all alternatives.

      We do use the Pro version but I feel the free version would be good enough for most to save from instances becoming probed & spammed.

      Suggestion applies to Managed and Development versions.

      We're not here for a long time - but we are here for a good time :)
      Jersey/UK
      Work & Ecommerce Advice: https://brandlight.org
      Personal & Software Tips: https://marcusquinn.com

      robi 1 Reply Last reply Reply Quote 2
      • robi
        robi @marcusquinn last edited by

        @marcusquinn have not come across this one before, but I was expecting it to be a bit more than just block.

        It would be nice if it added a toggle for sending the bad bots into a tarpit which slows them way down with plenty of timeouts, slow responses and wastes their time and resources with endless crawl loops, etc... really black hole them.

        Life of Advanced Technology

        marcusquinn 1 Reply Last reply Reply Quote 0
        • marcusquinn
          marcusquinn @robi last edited by

          @robi Brownhole for Bad Bots 😂

          We're not here for a long time - but we are here for a good time :)
          Jersey/UK
          Work & Ecommerce Advice: https://brandlight.org
          Personal & Software Tips: https://marcusquinn.com

          1 Reply Last reply Reply Quote 1
          • d19dotca
            d19dotca last edited by

            Interesting plugin, hadn't seen that before. Looks promising and seems logical too in it's approach.

            @marcusquinn - In your experience using this plugin, has this been seen to reduce spam in forms by any chance? That's a problem I've been having lately on a few sites, not a big deal as I don't get too much but maybe a few a week use a form on a website that's just spam. Even using Google reCAPTCHA and honeypot form fields won't do the trick for some reason. When I checked Google reCAPTCHA it saw those as basically perfectly valid, so if I were to up the score limit it may start to have false positives which I don't want to risk for some of my clients.

            --
            Dustin Dauncey
            www.d19.ca

            robi marcusquinn jdaviescoates 3 Replies Last reply Reply Quote 0
            • robi
              robi @d19dotca last edited by

              @d19dotca see if the source IPs have any correlation, ASN, network or country. Then use the blocking feature in Cloudron.

              Life of Advanced Technology

              d19dotca 1 Reply Last reply Reply Quote 0
              • d19dotca
                d19dotca @robi last edited by

                @robi I was thinking about that, but the problem is a couple of my client websites are access from various countries around the world, so I can't really blanket block a country by CIDR rules or something, I'd be worried at that point of blocking people that shouldn't be blocked to visiting my client's website. He's a highly respected ENT surgeon so he has "fellows" and people join him for training for a year from all over the globe. It's crazy where everyone comes from to train with him, haha. Really cool to see, but makes it hard for me to block countries that we'd normally not care about for other sites for example. lol.

                --
                Dustin Dauncey
                www.d19.ca

                robi 1 Reply Last reply Reply Quote 0
                • robi
                  robi @d19dotca last edited by

                  @d19dotca I hear you.. tough but still worth doing the correlation for other insights.

                  The other thing you can look into is post comment/form filtering. Perhaps add your own question to solve that is accepted either way, but later helps tell you if you're dealing with a bot or human.

                  From there there may be a few other things to try 😉

                  Life of Advanced Technology

                  d19dotca 1 Reply Last reply Reply Quote 0
                  • d19dotca
                    d19dotca @robi last edited by

                    @robi Actually you lead me onto a great idea. I went and did some RBL checks on those IP addresses I see sending the forms, and sure enough most of the recent ones are in the Spamhaus XBL list. Now to see if I can somehow get that data into Cloudron as a large listing or something, may be a huge help in reducing spam / bots to the websites.

                    --
                    Dustin Dauncey
                    www.d19.ca

                    jimcavoli robi 2 Replies Last reply Reply Quote 2
                    • jimcavoli
                      jimcavoli App Dev @d19dotca last edited by

                      @d19dotca Now that's a good thought!

                      1 Reply Last reply Reply Quote 1
                      • marcusquinn
                        marcusquinn @d19dotca last edited by

                        @d19dotca not had any spam issues TBH, so I think so. Like I say, we have the pro version but not harm in trying the free.

                        We're not here for a long time - but we are here for a good time :)
                        Jersey/UK
                        Work & Ecommerce Advice: https://brandlight.org
                        Personal & Software Tips: https://marcusquinn.com

                        1 Reply Last reply Reply Quote 0
                        • robi
                          robi @d19dotca last edited by

                          @d19dotca
                          Nice work, that's a great start - existing known spammers.

                          Now they just need to be in the right format list.

                          It would help to make a new thread with your findings and share the list.

                          Life of Advanced Technology

                          1 Reply Last reply Reply Quote 2
                          • jdaviescoates
                            jdaviescoates @d19dotca last edited by

                            @d19dotca I always install Wordfence which I really like. You could also try https://wordpress.org/plugins/goodbye-captcha/

                            The idea of bringing in spam IP lists sounds like a good plan too.

                            I use Cloudron with Gandi & Hetzner

                            robi 1 Reply Last reply Reply Quote 2
                            • robi
                              robi @jdaviescoates last edited by

                              @jdaviescoates Looking at WP Bruiser I can't tell what it does.. there's a lot of marketing around it but it also seems like a lot of cloak and dagger.

                              It would be nice to know how it works.

                              Life of Advanced Technology

                              marcusquinn jdaviescoates 2 Replies Last reply Reply Quote 0
                              • marcusquinn
                                marcusquinn @robi last edited by

                                @robi We use WP Bruiser with a bunch of add-on licences, generally we check everything for performance and code quality before committing to a choice, so it was a while back now but I don't recall any issues since.

                                We're not here for a long time - but we are here for a good time :)
                                Jersey/UK
                                Work & Ecommerce Advice: https://brandlight.org
                                Personal & Software Tips: https://marcusquinn.com

                                robi 1 Reply Last reply Reply Quote 0
                                • robi
                                  robi @marcusquinn last edited by

                                  @marcusquinn that's nice. do you know what it does to stop bots?

                                  Life of Advanced Technology

                                  marcusquinn 1 Reply Last reply Reply Quote 0
                                  • marcusquinn
                                    marcusquinn @robi last edited by

                                    @robi I know we don't have a bot problem 🙂

                                    Quick look at the reports on one website would suggest so:

                                    20014755-6e1f-470c-a921-e0744f0999de-image.png

                                    We're not here for a long time - but we are here for a good time :)
                                    Jersey/UK
                                    Work & Ecommerce Advice: https://brandlight.org
                                    Personal & Software Tips: https://marcusquinn.com

                                    robi 1 Reply Last reply Reply Quote 0
                                    • robi
                                      robi @marcusquinn last edited by

                                      @marcusquinn it's ok to say you don't know how it works too 😆

                                      Life of Advanced Technology

                                      marcusquinn 1 Reply Last reply Reply Quote 0
                                      • marcusquinn
                                        marcusquinn @robi last edited by

                                        @robi I truly don't care how it works. I care about how things work that no-one else has solved 🙂

                                        We're not here for a long time - but we are here for a good time :)
                                        Jersey/UK
                                        Work & Ecommerce Advice: https://brandlight.org
                                        Personal & Software Tips: https://marcusquinn.com

                                        1 Reply Last reply Reply Quote 0
                                        • jdaviescoates
                                          jdaviescoates @robi last edited by

                                          @robi I've no idea how it works either!

                                          I use Cloudron with Gandi & Hetzner

                                          1 Reply Last reply Reply Quote 0
                                          • First post
                                            Last post
                                          Powered by NodeBB