For some reason, my firewall isn’t deploying; I’m getting hit by bots every 30 seconds on xmlrpc.php. I’ve set a rule to block URI: /xmlrpc.php, but it didn’t work, and then I tried the full URI path, but still the same result. Probe goes through and is captured by Wordfence.
I’ve also set up a bad bots list, but only one bot has been blocked so far.
Any help, please? I’d prefer to let Cloudflare block these attacks since it’s putting a load on my server.
Cloudflare was automatically set up via the Siteground back-end, how would I “orange cloud” it? I’m getting hit with requests every 15 seconds to 2 minutes. To try and curb it, I’ve switched on “Under Attack”, but even so, there’s still bots coming through, even though the JS challenge is active.
Do you have a login to administer your website via Cloudflare or is it all done by the third party? If the latter i’d raise a ticket with them. If the former, you can simply login and enable the proxy via the DNS tab for the relevant records.
Thank you very much for your response. It’s much appreciated.
It’s all done by Siteground; I tried to access the DNS via Cloudflare, and they said that I should do it via Siteground.
I’ll definitely take a look though. It seems that blocking the IP’s in the Siteground backend did the trick, for now, otherwise I’ll deactivate cloudflare via the backend, and activate it straight through cloudflare.
I’ve proxied the DNS through Cloudflare’s nameservers, and firewall is working, but only partially. For some reason, it’s only blocking one country, and there are still others slipping through.
I’ve whitelisted South Africa, since that’s where I am based, but blocked all access to xmlrpc.php, although, they are still slipping through and getting caught by Wordfence. Expression is (http.request.uri contains “/xmlrpc.php”).