Cloudron makes it easy to run web apps like WordPress, Nextcloud, GitLab on your server. Find out more or install now.


Navigation

    Cloudron Forum

    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular

    Blackhole for Bad Bots - proposing this as a default install

    WordPress (Managed)
    5
    19
    105
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • robi
      robi @d19dotca last edited by

      @d19dotca see if the source IPs have any correlation, ASN, network or country. Then use the blocking feature in Cloudron.

      d19dotca 1 Reply Last reply Reply Quote 0
      • d19dotca
        d19dotca @robi last edited by

        @robi I was thinking about that, but the problem is a couple of my client websites are access from various countries around the world, so I can't really blanket block a country by CIDR rules or something, I'd be worried at that point of blocking people that shouldn't be blocked to visiting my client's website. He's a highly respected ENT surgeon so he has "fellows" and people join him for training for a year from all over the globe. It's crazy where everyone comes from to train with him, haha. Really cool to see, but makes it hard for me to block countries that we'd normally not care about for other sites for example. lol.

        robi 1 Reply Last reply Reply Quote 0
        • robi
          robi @d19dotca last edited by

          @d19dotca I hear you.. tough but still worth doing the correlation for other insights.

          The other thing you can look into is post comment/form filtering. Perhaps add your own question to solve that is accepted either way, but later helps tell you if you're dealing with a bot or human.

          From there there may be a few other things to try 😉

          d19dotca 1 Reply Last reply Reply Quote 0
          • d19dotca
            d19dotca @robi last edited by

            @robi Actually you lead me onto a great idea. I went and did some RBL checks on those IP addresses I see sending the forms, and sure enough most of the recent ones are in the Spamhaus XBL list. Now to see if I can somehow get that data into Cloudron as a large listing or something, may be a huge help in reducing spam / bots to the websites.

            jimcavoli robi 2 Replies Last reply Reply Quote 2
            • jimcavoli
              jimcavoli App Dev @d19dotca last edited by

              @d19dotca Now that's a good thought!

              1 Reply Last reply Reply Quote 1
              • marcusquinn
                marcusquinn @d19dotca last edited by

                @d19dotca not had any spam issues TBH, so I think so. Like I say, we have the pro version but not harm in trying the free.

                1 Reply Last reply Reply Quote 0
                • robi
                  robi @d19dotca last edited by

                  @d19dotca
                  Nice work, that's a great start - existing known spammers.

                  Now they just need to be in the right format list.

                  It would help to make a new thread with your findings and share the list.

                  1 Reply Last reply Reply Quote 2
                  • jdaviescoates
                    jdaviescoates @d19dotca last edited by

                    @d19dotca I always install Wordfence which I really like. You could also try https://wordpress.org/plugins/goodbye-captcha/

                    The idea of bringing in spam IP lists sounds like a good plan too.

                    robi 1 Reply Last reply Reply Quote 2
                    • robi
                      robi @jdaviescoates last edited by

                      @jdaviescoates Looking at WP Bruiser I can't tell what it does.. there's a lot of marketing around it but it also seems like a lot of cloak and dagger.

                      It would be nice to know how it works.

                      marcusquinn jdaviescoates 2 Replies Last reply Reply Quote 0
                      • marcusquinn
                        marcusquinn @robi last edited by

                        @robi We use WP Bruiser with a bunch of add-on licences, generally we check everything for performance and code quality before committing to a choice, so it was a while back now but I don't recall any issues since.

                        robi 1 Reply Last reply Reply Quote 0
                        • robi
                          robi @marcusquinn last edited by

                          @marcusquinn that's nice. do you know what it does to stop bots?

                          marcusquinn 1 Reply Last reply Reply Quote 0
                          • marcusquinn
                            marcusquinn @robi last edited by

                            @robi I know we don't have a bot problem 🙂

                            Quick look at the reports on one website would suggest so:

                            20014755-6e1f-470c-a921-e0744f0999de-image.png

                            robi 1 Reply Last reply Reply Quote 0
                            • robi
                              robi @marcusquinn last edited by

                              @marcusquinn it's ok to say you don't know how it works too 😆

                              marcusquinn 1 Reply Last reply Reply Quote 0
                              • marcusquinn
                                marcusquinn @robi last edited by

                                @robi I truly don't care how it works. I care about how things work that no-one else has solved 🙂

                                1 Reply Last reply Reply Quote 0
                                • jdaviescoates
                                  jdaviescoates @robi last edited by

                                  @robi I've no idea how it works either!

                                  1 Reply Last reply Reply Quote 0
                                  • First post
                                    Last post