Your help will be greatly appreciated.
I have WP Multisite, but it is only one site. It is an informational site with ads.
I have to integrate with Ezoic on my server. Cloudways implemented X-Middleton on the advice of Ezoic for this purpose; besides that, it is not working because I can’t see the user IP. The consequence is that I can’t use firewall rules to block bots with X-Middleton in the user agent.
My Ezoic account has been paused due to invalid traffic. I don’t know what the source of the invalid traffic is. But they pointed out that I have to ask for support from Cloudways. At Cloudways they told me to look for help at Cloudflare. They offered to restrict the traffic to what is coming from Cloudflare, but they are not doing it. How can I scan or audit what is going on?
I have Cloudflare firewall rules, and a few days ago I enabled Under Attack and Bot Fight. But it wasn’t enough.
Cloudways Bot protection app is incompatible with Ezoic, so they recommend me to use Ninja firewall. I had enabled Full WAF mode.
The only things I see in my site:
5.1) Errors in my error log, and I don’t know how to stop this kind of spam.
Ex: [Thu Jan 14 12:23:45.633013 2021] [proxy_fcgi:error] [pid 32339:tid 140589848721152] [client 126.96.36.199:17040] AH01071: Got error 'PHP message: Error Illegal mix of collations (utf8_general_ci,IMPLICIT) and (utf8mb4_unicode_520_ci,COERCIBLE) for operation 'like' de la base de datos de WordPress para la consulta SELECT SQL_CALC_FOUND_ROWS ar3_2_posts.ID FROM ar3_2_posts WHERE 1=1 AND (((ar3_2_posts.post_title LIKE '% Billige viagra original kaufen schweiz.\xf0\x9f\x8d\xbe\xf0\x9f\x90\xb8 www.DoctorFox.store \xf0\x9f\x90\xb8\xf0\x9f\x8d\xbe Billig glucophage 500 ohne rezept kaufen.%') OR (ar3_2_posts.post_excerpt LIKE '% Billige viagra original kaufen schweiz.\xf0\x9f\x8d\xbe\xf0\x9f\x90\xb8 www.DoctorFox.store \xf0\x9f\x90\xb8\xf0\x9f\x8d\xbe Billig glucophage 500 ohne rezept kaufen.%') OR (ar3_2_posts.post_content LIKE '% Billige viagra original kaufen schweiz.\xf0\x9f\x8d\xbe\xf0\x9f\x90\xb8 www.DoctorFox.store \xf0\x9f\x90\xb8\xf0\x9f\x8d\xbe Billig glucophage 500 ohne rezept kaufen.%'))) AND (ar3_2_posts.post_password = '') AND ar3_2_posts.post_type IN ('post', 'page', 'attachment') AND (ar3_2_posts.post_status = 'publish') ORDER BY (CASE WHEN ar3_2_posts.post_title LIKE '% Billige viagra original kaufen schweiz.\xf0\x9f\x8d\xbe\xf0\x9f\x90\xb8 www.DoctorFox.store \xf0\x9f\x90\xb8\xf0\x9f\x8d\xbe Billig g...'
5.2) I see spam search from well-known bots: 188.8.131.52 - - [14/Jan/2021:12:09:32 +0000] "GET /es/?s=%20apotek%20online%20kodein%F0%9F%A7%B8%F0%9F%8E%8F%20www.MayoClinic.store%20%F0%9F%8E%8F%F0%9F%A7%B8%20viagra%20piller%20uden%20recept%20best%C3%A4ll%20viagra%20p%C3%A5%20n%C3%A4tet HTTP/1.1" 200 12426 "-" "Mozilla/5.0 (compatible; DotBot/1.1; http://www.opensiteexplorer.org/dotbot, [email protected]) X-Middleton/1"
Can you enlighten me?
I am struggling. I feel that I am hunting in the dark.
@irene You can use the WAF and Firewall rules to target that traffic. Depending on the source it may be an ASN or Country that you don’t expect traffic, otherwise you can challenge or block based on the User-agent or any other pattern on the request.
For a more dynamic solution we offer premium service upgrades:
Thanks, blocking ASN was a great help. I can’t possibly believe what is going on with my site. According to Cloudflare analytics I have the following in the last 24 hours:
Unique Visitors 5,080
Good Bots allow 9k
Bad bots block 262
ASN block 15,5k
Yesterday it was half; the number rose when I added AWS.
Most from User agent axios/0.19.2 and fake Googlebot-Image/1.0 X-Middleton/1
The bad bots block is working only partially; it is not blocking bots with X-Middleton in the user agent, however ASN does.
My server has not been able to restrict the traffic to only Cloudflare and Ezoic. I am afraid that I am blocking here and they will come directly without passing through Cloudflare. How can I check how much traffic is coming through Cloudflare and how much is coming directly?
I think that I am still not getting the complete picture, because the requests for the last 24 hours were:
My site is for people that want to know about the country Argentina. 70% comes from Argentina, and 30% from the Spanish-speaking world. I have a summarized English translation, for targeting users interested in this country, which is a small percentage.
I see that there is no solution for me if Cloudways doesn’t restrict the traffic.
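
One way to answer the question above about how much traffic reaches the origin through Cloudflare and how much arrives directly, as an added example that is not part of the original thread: classify each access-log line by whether its connecting address falls inside Cloudflare's published ranges. It assumes the first log field is the real TCP peer (in Apache, `%{c}a`, not an address rewritten by mod_remoteip); Ezoic's ranges are not given in the thread, so they go in through the hypothetical `extra_trusted` parameter, and the sample lines are constructed.

```python
import ipaddress
import re
from collections import Counter

# Snapshot of Cloudflare's published ranges; refresh from https://www.cloudflare.com/ips/
CLOUDFLARE_NETS = [ipaddress.ip_network(n) for n in """
173.245.48.0/20 103.21.244.0/22 103.22.200.0/22 103.31.4.0/22 141.101.64.0/18
108.162.192.0/18 190.93.240.0/20 188.114.96.0/20 197.234.240.0/22 198.41.128.0/17
162.158.0.0/15 104.16.0.0/13 104.24.0.0/14 172.64.0.0/13 131.0.72.0/22
2400:cb00::/32 2606:4700::/32 2803:f800::/32 2405:b500::/32 2405:8100::/32
2a06:98c0::/29 2c0f:f248::/32
""".split()]

# Assumption: field 1 is the connecting peer, the last quoted field is the User-Agent.
LINE_RE = re.compile(r'^(\S+) .*"([^"]*)"\s*$')

def split_by_origin(lines, extra_trusted=()):
    """Count requests by TCP peer: trusted proxy (Cloudflare + extras) vs direct."""
    trusted = CLOUDFLARE_NETS + [ipaddress.ip_network(n) for n in extra_trusted]
    totals, direct = Counter(), Counter()
    for line in lines:
        m = LINE_RE.match(line)
        try:
            peer = ipaddress.ip_address(m.group(1)) if m else None
        except ValueError:  # first field is not an IP address
            peer = None
        if peer is None:
            totals["unparsed"] += 1
        elif any(peer in net for net in trusted):
            totals["via_proxy"] += 1
        else:
            totals["direct"] += 1
            direct[(str(peer), m.group(2))] += 1  # who bypasses the proxy, with what UA
    return totals, direct

# Constructed sample lines (documentation addresses stand in for direct clients).
_REQ = '- - [14/Jan/2021:12:09:32 +0000] "GET /es/?s=test HTTP/1.1" 200 12426 "-"'
SAMPLE = [
    f'172.68.10.5 {_REQ} "Mozilla/5.0"',
    f'162.158.90.12 {_REQ} "Googlebot-Image/1.0 X-Middleton/1"',
    f'203.0.113.7 {_REQ} "axios/0.19.2"',
    f'203.0.113.7 {_REQ} "axios/0.19.2"',
    f'198.51.100.20 {_REQ} "axios/0.19.2"',
    'truncated line without fields',
]

if __name__ == "__main__":
    totals, direct = split_by_origin(SAMPLE)
    print(dict(totals))
    for (ip, ua), hits in direct.most_common(10):
        print(hits, ip, ua)
```

A non-zero `direct` count means the origin is still reachable without passing through Cloudflare, so rules set there do not cover that traffic until the server only accepts connections from the trusted ranges.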