Protecting a WordPress site with Prettylinks plugin using Cloudflare Rate Limiting?

ratelimiting
wordpress

#1

Hello, I have a WordPress blog like “example.com” and I use the Prettylinks plugin for my affiliate link redirection. If my website's Prettylinks redirection script is “example.com/redirect/first-url.php”, then how can I protect my Prettylinks redirects using the Rate Limiting feature for a set number of clicks for the redirection for any particular random IP? What will I have to put in the URL field? Is it

/redirect/

or anything like

/redirect/script <>

or anything else?

Note: Here all the URLs reside in the “Redirect” folder (like in example.com/redirect/first-url.php etc)

I just want to protect my entire site from any particular random IP and limit their access to the redirection script (example.com/redirect/first-url.php or example.com/redirect/second-url.php etc.) to a set number of clicks and then ban that particular IP from clicking and redirecting to my affiliate links anymore. Also, does anybody know how to check how many requests a particular page on your website generates to completely load? Will it be 1 request for 1 URL redirection as far as the Prettylinks redirection script is concerned (pardon me, but that question is only directed at any WordPress Prettylinks users here)? Thank you for your replies and any possible solution.


#2

Hi @lendee - I see that you never got a response. Are you still looking for help or did your issue get resolved?


#3

Hello, I am still looking for help, any help would be greatly appreciated.

Thank you for contacting me to offer help.


#4

Hello @lendee,

If all of your scripts reside in the /redirect/ path, you should create a Rate Limiting rule with this pattern: www.example.com/redirect/*
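
Added example, not part of the thread and not Cloudflare's implementation: a small Python simulation of what a per-IP rule on the pattern above does to traffic. The threshold, period and block duration are assumed values, `fnmatch` stands in for the wildcard match, and the request list is constructed sample data.

```python
import fnmatch
from collections import defaultdict

PATTERN = "www.example.com/redirect/*"   # pattern from the reply above
# Assumed rule settings (not from the thread): 5 requests per 60 s, then block 600 s.
THRESHOLD, PERIOD, BLOCK_FOR = 5, 60, 600

def simulate(requests):
    """requests: time-ordered (epoch_seconds, client_ip, host_and_path) tuples.
    Returns one 'allow' or 'block' decision per request."""
    window_start = {}           # ip -> start of the current counting window
    count = defaultdict(int)    # ip -> matching requests seen in that window
    blocked_until = {}          # ip -> time at which the block expires
    decisions = []
    for ts, ip, url in requests:
        if not fnmatch.fnmatchcase(url, PATTERN):
            decisions.append("allow")        # rule only covers the pattern
            continue
        if blocked_until.get(ip, 0) > ts:
            decisions.append("block")        # still inside the block period
            continue
        if ip not in window_start or ts - window_start[ip] >= PERIOD:
            window_start[ip], count[ip] = ts, 0   # start a fresh window
        count[ip] += 1
        if count[ip] > THRESHOLD:
            blocked_until[ip] = ts + BLOCK_FOR
            decisions.append("block")
        else:
            decisions.append("allow")
    return decisions

# Constructed sample traffic (documentation IP ranges, not real clients).
SAMPLE = [(t, "203.0.113.7", "www.example.com/redirect/first-url.php") for t in range(7)]
SAMPLE += [
    (8, "203.0.113.7", "www.example.com/blog/post-1/"),              # outside /redirect/
    (9, "198.51.100.4", "www.example.com/redirect/second-url.php"),  # different IP
    (10, "198.51.100.4", "example.com/redirect/first-url.php"),      # bare host, no literal match
    (700, "203.0.113.7", "www.example.com/redirect/first-url.php"),  # after block expiry
]

if __name__ == "__main__":
    for req, decision in zip(SAMPLE, simulate(SAMPLE)):
        print(req, "->", decision)
```

In this simulation the sixth and seventh clicks from the same IP are blocked while its request to the blog path and the other visitor's redirects are unaffected; the bare-host request shows that the literal pattern only covers the host written in it.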


#5

OK, thank you for your help, will try it and let you know if I need any further help from you. It is because I am also using the Wordfence WordPress script and use their rate limiting features, I will have to disable that plugin and test how the Cloudflare rate limiting is working. Thanks again for your help.


#6

Dear @ryan, I’m sorry to annoy, but can you tell me what this means?
And do I have a problem, or may it be a normal thing?
I have the iThemes plugin premium version.


#7

That can’t be good. It looks like you have some rogue files injected into your site. Do you have a site cleaning/firewall plugin? I use Wordfence, which does a pretty good job of cleaning things up and protecting your site. The free version does an excellent job.


#8

@sdayman I have iThemes


#9

It appears that iThemes only scans, and does not repair. I read the link regarding malware, and it just describes the malware signature.

I’d first get rid of that 404javascript.js file and see how far that goes in cleaning up your site. Then scan it again. I’d bet there are still problems…especially if those other two links are flagged as harboring malware.

You can keep hunting the malware down, but I’ve used Wordfence in the past when I had a compromised site and it’s never happened again.


#10

I installed it and ran a scan, and it finished. I will delete them all, is that OK? @sdayman


#11

Dear @ryan could you please see this issue?


#12

This looks like progress!

For post.php: Restore Original Version
For wp-feed.php: Delete
For wp-vcf.php: Delete
For class_wp.php: Delete

Then run the scan again.


#13

I did that already and the Wordfence scan didn’t show anything, but iThemes still tells me the same message above about that malware. Nothing was changed!! @sdayman @ryan

What should I do now? :cold_sweat:


#14

Clear your site cache, if you have one, then clear the Cloudflare Cache from Cloudflare’s Caching tab: Purge Everything.

Then scan again.


#15

Still the same problem @sdayman


#16

Are you running ads?

At this point, I don’t know. I checked the scan results, and Sucuri says it’s a call to oclaserver. Search results show this is typically a locally installed malware for a browser. Anyhow, I don’t even see a call to that domain in the page source for the URLs on your site.

It will probably require deeper digging to see how this is being injected. A scan from gravityscan.com (also by Wordfence) turns up nothing.


#17

Dear @sdayman, I’m not running ads yet. What should I do now, and is this a high risk?
Or may it be normal and not exist, since it doesn’t appear with Wordfence?


#18

I’d look for a third opinion. Other than Sucuri’s alert, I see no evidence of malware. But it could just be some clever implementation that only shows up for some browsers. Maybe there’s something in your .htaccess file that’s part of the problem.


#19

@sdayman Thank you for your forwarding, but what should I do now?

Also, this appears with Firefox and Chrome and maybe all other browsers that I didn’t test yet.


#20

Since your iThemes plugin initiated this alert, I suggest you contact them.