Bot traffic managed to bypass Cloudflare Interactive Challenge (Captcha)

Hi people.

I have been getting lots of bot traffic from India to my website from two months ago until now.

I created a rule to set a Managed challenge for India only, then an Interactive challenge, but the bots escaped them and accessed the website.

When they access the website, they drain the server resources. So, I blocked India from accessing the website.

Are there any other solutions to block only bot traffic?

The image shows the IP requests for the past 24 hours.

Your IPs aren’t all coming from India:
165.232.173.104 - AS14061 - DIGITALOCEAN-ASN - DigitalOcean, LLC, Singapore
167.172.87.157 - Same
165.22.48.29 - Same
164.90.213.225 - AS14061 DigitalOcean Germany
etc…
You could start by blocking ASN 14061, as it’s a VPN/proxy, and if you don’t care about Singapore or German traffic, then block them as a country. DigitalOcean seems to be the source of about half the attacks on our sites, so we block it.
Check each IP to see where it is and find the common ASNs - more than likely the proxies and VPNs like Akamai, OVH, Ionos, Tor endpoints, Clouvider, GoDaddy, etc. - then block as appropriate. Or turn it around: where do you want traffic from? Then block everything else.

1 Like

Thank you paul32

I’m trying not to block any country. I blocked about 40 IPs using the .htaccess file, but when I block some, others show up.

I checked the IP addresses, they are as you described. But on Google Analytics, they are all from India.

If you are using Cloudflare then block them in Cloudflare before they hit your site rather than using .htaccess

2 Likes

Okay, Paul32.

Any idea how to block only bot traffic from accessing my site, considering that the normal Captcha doesn’t prevent all bots from accessing the website?

I blocked ~1600 ASNs with type hosting (including general hosting providers like Hetzner, OVH, etc., and different clouds) where bots generally originate from. It took me about 7 days to collect all these ASN numbers. I set 3 WAF rules on a free CF tariff and got about 3-15k requests per domain per 24 hours blocked.

First, have a read here: Community Tutorials

Then - identify who you want to block. There is no magic button for “block all bad bots”, as they appear all the time and evolve.

Identify the ASNs / IPs / user agents / countries / etc. for the bots that are hitting you - they will probably be from the many VPN/proxy providers: DigitalOcean, Ionos, Microsoft, Akamai, OVH, etc. There are thousands of them - you have to put the work in if you want to secure your sites.

In the last couple of hours we have had hits from bots and script kiddies in:

AS14061 - DIGITALOCEAN-ASN
AS22363 - PHMGMT-AS1
AS209588 - FLYSERVERS-ASN
AS8075 - MICROSOFT-CORP-MSN-AS-BLOCK
AS63949 - AKAMAI-LINODE-AP Akamai Connected Cloud
AS16509 - AMAZON-02
AS396982 - GOOGLE-CLOUD-PLATFORM
AS24955 - UBN-AS
AS211252 - AS_DELIS
AS4837 - CHINA169-BACKBONE CHINA UNICOM China169 Backbone
AS265172 - E. C. E. Telecomunicacoes LTDA
AS209605 - HOSTBALTIC
AS16276 - OVH
AS211298 - INTERNET-MEASUREMENT
AS27738 - Ecuadortelecom S.A.

None of which we would see as sources of potential customers, so we perm block them.

It is much easier to decide who you want as visitors / customers and block everyone else

Some ASNs will only ever be sources of bad traffic, same with some countries

We, and our clients, block entire countries, and continents, and only make our sites accessible to people we want as customers. Does it cost us business? No, as we wouldn’t deal with or sell into any of the countries we have blocked.

As ivangorshkov also says above - collect the data and then start blocking

Check these posts:

You can also enter the game of blocking ASNs/ip ranges or adding rate limiting rules but mitigating bots properly is tedious and expensive.

If a bot detects that its IP has been flagged, they will rotate through a new set of addresses or use proxies that are indistinguishable from normal users.

1 Like
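The triage the replies above describe (group the offending requests by ASN instead of by country or single IP, then block at Cloudflare rather than in .htaccess), as an added example that is not code from any poster in this thread. The row layout, the 50% threshold and the function names are assumptions; `ip.src.asnum` is the Cloudflare Rules language field for the client's ASN.

```python
from collections import Counter, defaultdict

# Constructed sample rows: (client IP, ASN, country), the shape assumed for a
# firewall-events export. The AS14061 IPs are the ones quoted in the thread;
# the rest use documentation addresses and reserved documentation ASNs.
SAMPLE_ROWS = [
    ("165.232.173.104", 14061, "SG"),
    ("167.172.87.157", 14061, "SG"),
    ("165.22.48.29", 14061, "SG"),
    ("164.90.213.225", 14061, "DE"),
    ("165.232.173.104", 14061, "SG"),
    ("203.0.113.10", 64500, "IN"),
    ("203.0.113.11", 64500, "IN"),
    ("198.51.100.7", 64501, "IN"),
]

def asn_summary(rows):
    """Map each ASN to (request count, distinct IP count, set of countries)."""
    hits, ips, countries = Counter(), defaultdict(set), defaultdict(set)
    for ip, asn, country in rows:
        hits[asn] += 1
        ips[asn].add(ip)
        countries[asn].add(country)
    return {asn: (hits[asn], len(ips[asn]), countries[asn]) for asn in hits}

def candidate_asns(rows, min_share=0.5, allow=frozenset()):
    """ASNs carrying at least min_share of all requests, minus an allowlist
    (e.g. networks your real visitors or monitoring come from)."""
    summary = asn_summary(rows)
    total = sum(count for count, _, _ in summary.values())
    return sorted(asn for asn, (count, _, _) in summary.items()
                  if asn not in allow and count / total >= min_share)

def waf_expression(asns):
    """Build a Cloudflare custom-rule expression matching the given ASNs."""
    if not asns:
        raise ValueError("no ASNs selected; refusing to emit an empty rule")
    return "(ip.src.asnum in {%s})" % " ".join(str(a) for a in sorted(asns))

if __name__ == "__main__":
    for asn, (count, n_ips, where) in sorted(asn_summary(SAMPLE_ROWS).items()):
        print(f"AS{asn}: {count} requests, {n_ips} IPs, countries {sorted(where)}")
    print(waf_expression(candidate_asns(SAMPLE_ROWS)))
```

The summary shows one ASN spread over several IPs and two countries, which is why per-IP .htaccess entries and a single-country rule both miss it while one ASN rule covers it.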

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.