Hello!
I have each day 1000+ spam with refer from “my-domain”, when I block in Firewall my own domain as an Refer, then the Content & Images are missing. Only Text is online.
I use Wordpress.
as i understand, when block refer is to my own domain, then it block also the content because its loading from my domain, or?
So are they using “my-domain” as the referrer or your actual domain?
To answer to reply, when a web browser loads a web page it first loads the html file and it will request any other content that is in the file and that will have the refer as your own domain.
Cant we add some code, that domain refer as link click or something has to blocked but content NO?
We get 1000+ short visits each day,
each IP has 5-20 visits. All over the World.
Every Time in statistics wp shows: refer “our domain” or refer “WWW.our domain”.
We need to block all visits based on refer of our domain. But if we turn such Block ON, no Template and Images are appearing.
Suppose you add an encrypted header on first visit and update it on subsequent requests. Then attacker just need two requests instead of one to become a legitimate referrer so this is not a good line of defense. You may challenge all clients by Browser Integrity Check (BIC) for preventing Bad Browser from reaching your website.
What do you mean with bad browser?
Bad Browser means a lightweight http client which is used in attacks. It cannot pass Cloudflare challenge (you may seen that bouncing dots for 5 seconds before visiting the website).
No, because real site access will have your referer included!
Is there anything else specific to the spam you can use in a rule? Country, IP, user-agent etc. Or is it only certain target subpages targeted? Most spam is stopped by the ‘challenge’ so if you can get a rough match to put in a firewall rule and use that instead of block you’re at least only inconveniencing real users rather than blocking them.
All is a mix of IP’s, Countries and Different browsers
And when you talk of them ‘spamming’ your site, what are they actually doing? If it’s just visiting your site is it worth affecting real users to thwart them? If it’s posting comments there’s other ways around that such as captchas.
Regardless, in the absence of a set fingerprint such as their location you could base your firewall on cf.threat_score and just keep on finetuning to a level you’re happy with. Note that I strongly recommend a challenge rather than a block so as to not annoy real people as you get your threshold right.
2 Likes
This topic was automatically closed after 30 days. New replies are no longer allowed.