Support Forum

Advanced Search
Forum Scope


Match



Forum Options



Minimum search word length is 3 characters - maximum search word length is 84 characters
tips-topic
Feel like giving up in this war against Bots!
Avatar
Simple Press
Admin
sp_UserOfflineSmall Offline
Dec 17, 2018 - 5:21 pm

If it helps anyone, we use three layers of firewall on this site.  First is Cloudflare - stops a lot of bad stuff before it even hits our servers. Any traffic that does hit our servers is then filtered through a set of custom Web Application Firewall rules before it hits the WordPress site.  Anything that makes it through that is then filtered by WordFence.  Nothing works perfectly and each vendor responds to emerging treats differently at different rates - so having multiple security layers is the best approach in our opinion. Performance takes a small hit but we'll take security over performance any day.

Even with all that, there is still a bunch of stuff that makes it through and attempts dictionary style login attacks.  Those eventually gets taking care of by blocking based on number of failed attempts and such...

Avatar
jim
Here and Now
Member
Pro Subscribers
sp_UserOfflineSmall Offline
Dec 19, 2018 - 2:39 pm

mann said
Not only are the bots registering but surprisingly they created around 500 subsites on my site...

It sounds like you're running a WordPress Multisite network. If not, then the hosting account has been seriously compromised.

If so: Do you run any sort of Splog moderation and control, other than captcha on your registration page?

We run a very large WPMS network at Tripawds. I've been fighting spam blog registrations for years and have implemented various methods to bring it under control.

Anti-Splog is the first step.

I also implemented a Signup Code and display that on the reg page, to ensure humans are filling out the form.

Finally, I am working with the developer of Beyond Multisite, who is almost ready to release an update to include Blog Moderation, which allows us to prevent first posts from being published, with an easy way to delete sites and users. No ETA on this, but the beta is working great.

FYI: These methods are in addition to server level csf firewall, and our Wordfence Premium account.

TripawdsSimple:Press powers the Tripawds Discussion Forums.

It's better to hop on three legs than to limp on four.

The Tripawds Blogs Community is made possible by The Tripawds Foundation.

Avatar
FidoSysop
Clearwater Florida
Member

VIP
sp_UserOfflineSmall Offline
Dec 19, 2018 - 2:52 pm

Spam bots are a pita. I use cleantalk.org which is a bargain considering Akismet is now a pay service. The spam firewall is a really good feature. 

ctsc.jpgImage Enlarger

  • Doc ~ An old Fidonet SysOp. Just hanging out in cyberspace keeping up with tech.
Forum Timezone: Europe/Stockholm
Most Users Ever Online: 1170
Currently Online:
Guest(s) 1
Currently Browsing this Page:
1 Guest(s)
Top Posters:
Mr Papa: 19448
Ike: 2086
Brandon: 864
kvr28: 804
jim: 650
FidoSysop: 577
Conrad_Farlow: 531
fiddlerman: 358
Stefano Prete: 325
Member Stats:
Guest Posters: 618
Members: 17361
Moderators: 0
Admins: 4
Forum Stats:
Groups: 7
Forums: 17
Topics: 10126
Posts: 79622