Blocking Unused traffic

firewall
wordpress
traffic

#1

Hi
Someone has been trying to break our server by auto-refreshing my WordPress sites continuously for 5 days. I am using an Amazon EC2 server to host my site. When I block their IP, they come back with a new IP and location to do the same auto-refreshing of my WordPress site.
I was using a plugin to block IP addresses, but now I am using the Cloudflare Firewall to block IPs.

Since I keep blocking their IPs, they are now using https://translate.googleusercontent.com to refresh our website.
Please help, they are breaking our site and eating bandwidth and CPU.


#2

You can try raising the security level of your website (under the Firewall tab). Alternatively, you can try putting rate limiting on the domain, so that after X requests they would be blocked. This is a bit of a heavy-handed approach, though, as it will affect anyone going over the limit.


#3

Hi
Thanks for your guidance.
Can I know whether rate limiting will affect other users? If I set the limit to 100, will it block all users whose page views are more than 100, or will it block only users whose views of a single URL are more than 100?

How does this work for someone refreshing only a single URL 24 hours a day? Is it possible to limit single-URL views by a single user? For example, any user who refreshes the same URL 100 times in a few minutes or an hour would get blocked.


#4

How many times per day do they refresh it? Could you provide the IP in question? This IP might not be malicious.


#5

Hi,
If I do not block the IP, then page views in 1 minute go to 20-70. In one hour they go to almost 1200 page views.

Current visiting IPs: 86.121.197.225, 86.121.68.11, but now they are using https://translate.googleusercontent.com to auto-refresh one page of our WP site. So I can’t block this; I blocked this IP but it didn’t work, as they used translate.googleusercontent.com

Past visited IP:


#6

Most of the IP addresses you sent me belong to https://torproject.org/, which provides a web browser that allows people in countries with censorship to freely access the internet. These are likely human viewers.

You could CAPTCHA the country code t1 with Cloudflare’s firewall if you think these users are bots; however, most likely your website is popular in a country with censorship. You can also implement blocking on the entire Tor Network; however, it’s not recommended and I won’t provide technical advice on doing so (if you want to harm the censored and 3rd world countries you’re on your own with Google!).

I do not think any of those IP Addresses are ‘out to get you’ and I don’t think those visitors are sending enough traffic to drastically harm your Amazon VPS.


#7

You can set how many requests per preset time range (1s or 1m for the free plan) are allowed per visitor. Any single visitor that goes over the limit is blocked for a certain time span (1m or 1hr for the free plan). These are enforced per user.
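
The per-visitor behaviour described in #7, applied to the single-URL case asked about in #3, as an added example that is not part of the original thread and is not Cloudflare's implementation. It is a simplified sliding-window model; the class and function names, the choice to count per (visitor, URL) pair, the 30-requests-per-60s threshold, and the sample traffic (documentation-range IPs) are all assumptions made for illustration.

```python
from collections import defaultdict, deque

class PerVisitorRateLimit:
    """Simplified model of a per-visitor rate limit (hypothetical class)."""

    def __init__(self, threshold, period, timeout):
        self.threshold = threshold      # requests allowed per period
        self.period = period            # counting window, seconds
        self.timeout = timeout          # block duration, seconds
        self.hits = defaultdict(deque)  # (visitor, url) -> recent timestamps
        self.blocked_until = {}         # (visitor, url) -> end of block

    def allow(self, visitor, url, ts):
        key = (visitor, url)            # assumption: counted per visitor AND url
        if ts < self.blocked_until.get(key, 0):
            return False                # still inside the block timeout
        window = self.hits[key]
        while window and window[0] <= ts - self.period:
            window.popleft()            # drop hits older than the window
        window.append(ts)
        if len(window) > self.threshold:
            self.blocked_until[key] = ts + self.timeout
            window.clear()
            return False
        return True

def build_sample_events():
    """Constructed traffic: (timestamp_seconds, visitor, url)."""
    # One visitor refreshing a single URL once per second for two minutes.
    refresher = [(t, "203.0.113.10", "/one-post/") for t in range(120)]
    # One ordinary reader opening a different page every 20 seconds.
    reader = [(t, "198.51.100.7", f"/page-{t // 20}/") for t in range(0, 120, 20)]
    return sorted(refresher + reader)

def replay(events, limiter):
    """Return {visitor: number of denied requests}."""
    denied = defaultdict(int)
    for ts, visitor, url in events:
        if not limiter.allow(visitor, url, ts):
            denied[visitor] += 1
    return dict(denied)

if __name__ == "__main__":
    print(replay(build_sample_events(), PerVisitorRateLimit(30, 60, 60)))
```

In this model only the visitor hammering one URL is denied; the reader browsing different pages never reaches the threshold.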