Blackhole for Bad Bots - proposing this as a default install
-
@d19dotca see if the source IPs have any correlation, ASN, network or country. Then use the blocking feature in Cloudron.
-
@robi I was thinking about that, but the problem is a couple of my client websites are access from various countries around the world, so I can't really blanket block a country by CIDR rules or something, I'd be worried at that point of blocking people that shouldn't be blocked to visiting my client's website. He's a highly respected ENT surgeon so he has "fellows" and people join him for training for a year from all over the globe. It's crazy where everyone comes from to train with him, haha. Really cool to see, but makes it hard for me to block countries that we'd normally not care about for other sites for example. lol.
-
@d19dotca I hear you.. tough but still worth doing the correlation for other insights.
The other thing you can look into is post comment/form filtering. Perhaps add your own question to solve that is accepted either way, but later helps tell you if you're dealing with a bot or human.
From there there may be a few other things to try
-
@robi Actually you lead me onto a great idea. I went and did some RBL checks on those IP addresses I see sending the forms, and sure enough most of the recent ones are in the Spamhaus XBL list. Now to see if I can somehow get that data into Cloudron as a large listing or something, may be a huge help in reducing spam / bots to the websites.
-
@d19dotca Now that's a good thought!
-
@d19dotca not had any spam issues TBH, so I think so. Like I say, we have the pro version but not harm in trying the free.
-
@d19dotca
Nice work, that's a great start - existing known spammers.Now they just need to be in the right format list.
It would help to make a new thread with your findings and share the list.
-
@d19dotca I always install Wordfence which I really like. You could also try https://wordpress.org/plugins/goodbye-captcha/
The idea of bringing in spam IP lists sounds like a good plan too.
-
@jdaviescoates Looking at WP Bruiser I can't tell what it does.. there's a lot of marketing around it but it also seems like a lot of cloak and dagger.
It would be nice to know how it works.
-
@robi We use WP Bruiser with a bunch of add-on licences, generally we check everything for performance and code quality before committing to a choice, so it was a while back now but I don't recall any issues since.
-
@marcusquinn that's nice. do you know what it does to stop bots?
-
-
@marcusquinn it's ok to say you don't know how it works too
-
@robi I truly don't care how it works. I care about how things work that no-one else has solved
-
@robi I've no idea how it works either!
