Security issue invalid traffic

Hi,

Your help will be greatly appreciated.
I have WP Multisite, but it is only one site. It is an informational site with ads.

  1. I have to integrate with Ezoic on my server. Cloudways implemented X-Middleton on the advice of Ezoic for this purpose; besides, that is not working because I can’t see the user IP. The consequence is that I can’t use firewall rules to block bots with X-Middleton in the user agent.

  2. My Ezoic account has been paused due to invalid traffic. I don’t know what the source of the invalid traffic is. They pointed out that I have to ask Cloudways for support. At Cloudways they told me to look for help from Cloudflare. They offered to restrict the traffic to what is coming from Cloudflare, but they are not doing it. How can I scan or audit what is going on?

  3. I have Cloudflare firewall rules, and a few days ago I enabled Under Attack and Bot Fight. But it wasn’t enough.

  4. Cloudways Bot protection app is incompatible with Ezoic, so they recommend me to use Ninja firewall. I had enabled Full WAF mode.

  5. The only things I see in my site:

5.1) Errors in my error log, and I don’t know how to stop this kind of spam.
Ex:
[Thu Jan 14 12:23:45.633013 2021] [proxy_fcgi:error] [pid 32339:tid 140589848721152] [client 3.238.165.133:17040] AH01071: Got error 'PHP message: Error Illegal mix of collations (utf8_general_ci,IMPLICIT) and (utf8mb4_unicode_520_ci,COERCIBLE) for operation 'like' de la base de datos de WordPress para la consulta SELECT SQL_CALC_FOUND_ROWS ar3_2_posts.ID FROM ar3_2_posts WHERE 1=1 AND (((ar3_2_posts.post_title LIKE '% Billige viagra original kaufen schweiz.\xf0\x9f\x8d\xbe\xf0\x9f\x90\xb8 www.DoctorFox.store \xf0\x9f\x90\xb8\xf0\x9f\x8d\xbe Billig glucophage 500 ohne rezept kaufen.%') OR (ar3_2_posts.post_excerpt LIKE '% Billige viagra original kaufen schweiz.\xf0\x9f\x8d\xbe\xf0\x9f\x90\xb8 www.DoctorFox.store \xf0\x9f\x90\xb8\xf0\x9f\x8d\xbe Billig glucophage 500 ohne rezept kaufen.%') OR (ar3_2_posts.post_content LIKE '% Billige viagra original kaufen schweiz.\xf0\x9f\x8d\xbe\xf0\x9f\x90\xb8 www.DoctorFox.store \xf0\x9f\x90\xb8\xf0\x9f\x8d\xbe Billig glucophage 500 ohne rezept kaufen.%'))) AND (ar3_2_posts.post_password = '') AND ar3_2_posts.post_type IN ('post', 'page', 'attachment') AND (ar3_2_posts.post_status = 'publish') ORDER BY (CASE WHEN ar3_2_posts.post_title LIKE '% Billige viagra original kaufen schweiz.\xf0\x9f\x8d\xbe\xf0\x9f\x90\xb8 www.DoctorFox.store \xf0\x9f\x90\xb8\xf0\x9f\x8d\xbe Billig g...'

5.2) I see spam searches from well-known bots:
216.244.66.241 - - [14/Jan/2021:12:09:32 +0000] "GET /es/?s=%20apotek%20online%20kodein%F0%9F%A7%B8%F0%9F%8E%8F%20www.MayoClinic.store%20%F0%9F%8E%8F%F0%9F%A7%B8%20viagra%20piller%20uden%20recept%20best%C3%A4ll%20viagra%20p%C3%A5%20n%C3%A4tet HTTP/1.1" 200 12426 "-" "Mozilla/5.0 (compatible; DotBot/1.1; http://www.opensiteexplorer.org/dotbot, [email protected]) X-Middleton/1"

Can you enlighten me?
I am struggling; I feel that I am hunting in the dark.

@irene You can use the WAF and Firewall rules to target that traffic. Depending on the source, it may be an ASN or country that you don’t expect traffic from; otherwise, you can challenge or block based on the User-agent or any other pattern in the request.


For a more dynamic solution, we offer premium service upgrades:

Rate limiting

Or Bot Management

Let us know if you have any further questions.
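
One way to audit the access log for the search-spam pattern shown in the first post and find a user agent or address worth targeting with a firewall rule, as the reply suggests. This is an added example, not code from any poster or from Cloudflare, Cloudways or Ezoic; the hostname heuristic, the function names and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qs

# Apache/nginx "combined" access-log line.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<target>\S+) [^"]*" '
    r'\d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)
# Heuristic (assumption): a genuine site search rarely contains a hostname.
HOST_RE = re.compile(r'\b(?:[\w-]+\.)+[a-z]{2,}\b', re.I)
# The proxy integration appends this token to every user agent; drop it before grouping.
MIDDLETON_RE = re.compile(r'\s*X-Middleton/\d+$')

def spam_search(line):
    """Return (ip, user_agent, term) for a ?s= search that carries a hostname, else None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    term = ' '.join(parse_qs(urlsplit(m['target']).query).get('s', [])).strip()
    if not HOST_RE.search(term):
        return None
    return m['ip'], MIDDLETON_RE.sub('', m['ua']), term

def audit(lines):
    """Count spam searches per logged client address and per user agent."""
    by_ip, by_ua = Counter(), Counter()
    for hit in filter(None, map(spam_search, lines)):
        by_ip[hit[0]] += 1   # behind a proxy this is the proxy's address, not the visitor's
        by_ua[hit[1]] += 1
    return by_ip, by_ua

# Constructed sample lines (documentation IP ranges, reserved .example domain).
SAMPLE = [
    '203.0.113.7 - - [14/Jan/2021:12:09:32 +0000] "GET /es/?s=%20apotek%20online%20www.spam.example%20viagra HTTP/1.1" 200 12426 "-" "Mozilla/5.0 (compatible; DotBot/1.1) X-Middleton/1"',
    '203.0.113.7 - - [14/Jan/2021:12:09:40 +0000] "GET /es/?s=billig+www.spam.example HTTP/1.1" 200 12001 "-" "Mozilla/5.0 (compatible; DotBot/1.1) X-Middleton/1"',
    '198.51.100.20 - - [14/Jan/2021:12:10:02 +0000] "GET /es/?s=recetas+de+invierno HTTP/1.1" 200 9120 "-" "Mozilla/5.0 (X11; Linux x86_64) X-Middleton/1"',
    '198.51.100.20 - - [14/Jan/2021:12:10:05 +0000] "GET /es/contacto/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (X11; Linux x86_64) X-Middleton/1"',
]

if __name__ == '__main__':
    by_ip, by_ua = audit(SAMPLE)
    for name, counter in (('IP', by_ip), ('User-Agent', by_ua)):
        for value, n in counter.most_common(10):
            print(f'{n:6d}  {name}: {value}')
```

To run it on a real log, pass the open file object to `audit()` in place of `SAMPLE`; a user agent that dominates the output is a candidate for a block or challenge rule.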

The free tools were not enough; Ezoic scanned the site and said that they still see invalid traffic.

The rate limiting has very limited configuration settings. I can’t find how to set up different options between Googlebot and other users.

I have a simple informational site, and it is just me, a site owner. The premium tools are out of my scope. And without ads my site is not viable.