Blocking repeated visits

Website, Application, Performance Security
1

I see the same ip address visiting my site around 40 times an hour, Always to the same login page. so I’ll usually block the ip in firewall, cos I’m sure it’s probably up to no good. As soon as I block it, a few minutes later the same pattern will start from another IP address And on it goes, day after day.

I tried to set a rate limiter, but the options in that are very limited. it will only let me set to block when ip visits x number of visits inside ONE minute, not inside 3 minutes, for example. So I can’t stop it that way. So it visits usually very coupLe of minutes.

Any idea how I can stop this happening continuously? as it skewing all my traffic figures

Thanks

2

You’ll need to find common attributes of these requests and block based on them.

Can you post log excerpts of a couple of such requests?

1 Like
3

Hi Sandro,

thanks for reply. Its very difficult to find any commonality between them, as almost all sender details change each time, location, ip, browser etc. However I have noticed one common thread, its always either WinXp or Win 8 desktop.

Perhaps I should issue a captcha ‘challenge’ when these conditions are met? As there aren’t too many people I’m sure, visiting my (mobile centric) site with Desktop win xp or Win 8?bot3

4

But even the ISP itself changes?

Again, post a few excerpts from your log as that would allow to establish common attributes. Otherwise checking for XP and 8 might actually work, though don’t block them just challenge them.

5

yes, the ISP changes too

Here are 2 more examples below. If I don’t block them, they will visit probably 40 times an hour, every hour

bot2
bot2726×167 17.7 KB

bot4 .

6

If I wanted to block using win8 ands WinXP criteria, what should I select in this drop down field Sandro?

Capture

7

Is it always Chrome 79? If so you could filter by that.

As for the field, that will be the user agent.

8

thanks, I set this up, up it doesn’t appear to have intercepted anything at all and the win8 and winXP visits are still coming.

Can you see anything wrong in the settings?

Capture
Capture1075×543 14.3 KB

9

You will need to use contains and the right tokens from these user agents.

https://developers.whatismybrowser.com/useragents/explore/operating_system_name/windows/ might help here.

11

ah of course, I’m using ‘equals’ ok thanks Sandro.

12

Something of that sort might work

http.user_agent contains "Windows NT 6." or http.user_agent contains "Windows NT 5."

Though it will also challenge Windows 7 and Windows 2000, but I guess that shouldn’t be too much of an issue.

13

ok, windows NT? Not Windows 8 (and XP)

14

Windows XP and 8 are NT :slight_smile:

Everything since 2000 is based on NT → List of Microsoft Windows versions - Wikipedia

1 Like
15

ok, but then that would basically block or challenge everyone who visited with a desktop, no?

16

oh sorry, you said NT6 and NT 5 only

ok thanks!

17

Its catching those visits now…thank you! :slight_smile:

18

This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.