How are you dealing with uptick in attacks?
 

I've been seeing a crazy uptick in attack attempts.

Dealing with it using Cloudflare, Wordfence, hosts manual blocks of super problematic countries and IP ranges, host modsecurity measures, and upgrading approximately one million sites running on old php versions to something more current. I should probably also discontinue some stuff entirely.

I know nobody here would ever run old legacy webmaster software, but are you seeing this on your legacy sites?

How are you battling the attack issue?

Eliminating all countries that don't have any business on my sites was a big start... I wish AWS and Azure would do something about it too, they refuse to get their clients to stop scrapping my sites...
WG

I would imagine with all of the AI it's much easier to build software to probe sites and platforms and figure out a way in.

i built a network security system a long time ago and it handles the non-stop attacks fine.

for us the attacks started in 2016, so we've had time to tweak and optimize. security is still my most time consuming task.

one helpful thing to do is straight up ban CN, RU, HK, and a few others. i just redirect them to an affiliate program. then you just need to be scanning for rogue activity.

#porncms

Is most of it coming from Singapore and/or Ireland?

if i require surfers to send an email for a un/pw to view the site.

landing page would have my email not formatted as a mailto: hotlink...

but as text like gfy at gmail.com ...

can a bot figure that out?

what if i ask surfers to email AND to mention their "favorite color"?

What if this type of thing were available as a plugin? Block all the annoying countries...

Be back in a couple hours...

Zipping right along...

https://i.imgur.com/d7U2qjR.png

Back. It's done.

GeoShield Pro - WordPress plugin for country and ASN blocking.

Features:
- Country blocking (blocklist or allowlist mode)
- ASN blocking with one-click presets for AWS, Hetzner, OVH, DigitalOcean, and 60+ other cloud/hosting providers
- Monetize blocked traffic - redirect to affiliate offers instead of 403
- Link rotation for A/B testing
- Full logging with stats and CSV export
- Works behind Cloudflare/Sucuri/Akamai

Looking for a couple beta testers before I put a price on it. PM me.

WiredGuy? Check your facebook pm

https://i.imgur.com/qi5EM6v.png

https://i.imgur.com/jj6TZyW.png

https://i.imgur.com/ItR5Ex5.png

https://i.imgur.com/lSHmAvF.png

https://i.imgur.com/i75JcVC.png

https://i.imgur.com/bvwD27Y.png

As soon as I get a couple of beta testers with some of this garbage traffic to test it and I work out the bugs, it's gonna be right here :thumbsup

https://webigniter.com/geoshield-pro

would my low tech solution work...?

half this thread taken over by some wordpress shit.

what a joke :1orglaugh

go back to kindergarten...

#

I've started carrying a knife when I'm out at night...

It'll stop the dumb bots, not the smart ones.

Obfuscating the email as text ("gfy at gmail.com") will dodge basic scrapers that just look for mailto: links or regex patterns. That's probably 80% of the automated garbage.

But any modern bot or AI can parse "gfy at gmail.com" as an email address without breaking a sweat. And "favorite color" is trivial - bot just says "blue" and you'd never know the difference.

If you want to stick with low-tech, make the question something only a human in your niche would know.

Like "What site did [industry person] start on?" or "What's the name of the third gallery on the tour page?" - something that requires actually looking at your content.

Or just use a simple CAPTCHA on a form.

Trying to outsmart bots with clever tricks is a losing game - they've seen it all.

If WordPress discussion bothers you that much, I built a Chrome extension called Tango Down that lets you make annoying GFY users disappear with one click.

Might be useful for you. :thumbsup

Happy New Year!

Update: Crawler Protection Added

WiredGuy reached out privately with a valid concern about ASN blocking - Google's AS15169 covers both Googlebot AND Google Cloud. Same with Microsoft's AS8075 covering Bingbot and Azure.

Block those ASNs to stop bot traffic and you accidentally kill your SEO.

He was right. Fixed it within minutes.

The solution:

The plugin now pulls the official crawler IP lists directly from Google and Bing:

https://developers.google.com/static...googlebot.json

https://www.bing.com/toolbox/bingbot.json

These get cached and refreshed weekly. Before any ASN block is applied, it checks if the IP is a known search crawler. If so, it's automatically allowed through.

There's a checkbox in settings: "Protect Search Engine Crawlers" - ON by default with a warning about what happens if you turn it off.

You can now safely block all of AWS, Google Cloud, Azure, Hetzner, OVH, etc. without worrying about blocking the crawlers that share those ASNs.

Thanks to WiredGuy for catching this before it became a problem for someone.

This is why I post here before pushing things wider - you guys know your shit.

Even if you dont want to try a plugin for this, there is the information on how to fix this yourselves :thumbsup

doing your WP plugin dev in this thread is lame :1orglaugh

people were probably looking for a security discussion not your sales and dev spam.

#

It's on brand tho.

Just be glad he's getting his attention fix with this now instead of the other shit he does 🤣

Seems like 95% of the security issues and scams I hear about these days are people getting their phones hacked, mostly Android.

Interestingly nothing from Ireland, but definitely had to block Singapore at the server level. Had to do it on different servers at different hosts with different types of sites.

Holy crap you're still around!