Attacks from Microsoft IP's?

Anyone else having issues with wordpress and environment attacks from Microsoft IP’s and ?
We are getting literally thousands of wordpress attacks across a range of our sites coming from these IP’s
We already had blocked all M’soft ASN’s 8071 - 8075 due to regular smaller attacks but today we are getting bombarded with them
Any best practices other than ignore them as they are blocked?

That’s my approach. I get the same behavior from AWS as well.

Thanks, I blocked all M’soft ASN’s, Oracle ASN’s, AWS ASN’s, and then started adding others like OVH, Leaseweb, Ionos, etc., as they attempted various things
I am now taking a whitelisting approach as its probably simpler
I’m guessing that its a waste of time reporting anything to M’soft or similar?

Yep. It’s just noise and it’s most likely the abuser will just spin up a different server with a new IP address on their own.

I basically have a firewall rule allowing known bots and immediately after I have a firewall rule blocking AWS, Azure and GCP ASN.

It depends on your website but for mine, traffic coming from datacentres are not the kind of traffic we normally want to serve.

The only traffic we see from data centres, M’soft, AWS, & Oracle is attempted attacks and as you say none of them are of any interest to us.
Luckily being UK based we can happily block all US traffic, along with most other countries, and it had no impact on our business - we decided that of we wont sell to people & businesses in a country then they don’t need to visit us, particularly if all we get is bad traffic

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.