Forum Scope


Forum Options

Min search length: 3 characters / Max search length: 84 characters
Forum Login
Lost password?
Feel like giving up in this war against Bots!
...View Related Tags
Simple Press
395 Posts
Dec 17, 2018 - 5:21 pm

If it helps anyone, we use three layers of firewall on this site.  First is Cloudflare – stops a lot of bad stuff before it even hits our servers. Any traffic that does hit our servers is then filtered through a set of custom Web Application Firewall rules before it hits the WordPress site.  Anything that makes it through that is then filtered by WordFence.  Nothing works perfectly and each vendor responds to emerging treats differently at different rates – so having multiple security layers is the best approach in our opinion. Performance takes a small hit but we’ll take security over performance any day.

Even with all that, there is still a bunch of stuff that makes it through and attempts dictionary style login attacks.  Those eventually gets taking care of by blocking based on number of failed attempts and such…

Here and Now

630 Posts
Dec 19, 2018 - 2:39 pm

mann said
Not only are the bots registering but surprisingly they created around 500 subsites on my site…

It sounds like you’re running a WordPress Multisite network. If not, then the hosting account has been seriously compromised.

If so: Do you run any sort of Splog moderation and control, other than captcha on your registration page?

We run a very large WPMS network at Tripawds. I’ve been fighting spam blog registrations for years and have implemented various methods to bring it under control.

Anti-Splog is the first step.

I also implemented a Signup Code and display that on the reg page, to ensure humans are filling out the form.

Finally, I am working with the developer of Beyond Multisite, who is almost ready to release an update to include Blog Moderation, which allows us to prevent first posts from being published, with an easy way to delete sites and users. No ETA on this, but the beta is working great.

FYI: These methods are in addition to server level csf firewall, and our Wordfence Premium account.

TripawdsSimple:Press powers the Tripawds Discussion Forums.

It's better to hop on three legs than to limp on four.

The Tripawds Blogs Community is made possible by The Tripawds Foundation.

Clearwater Florida

577 Posts
Dec 19, 2018 - 2:52 pm

Spam bots are a pita. I use cleantalk.org which is a bargain considering Akismet is now a pay service. The spam firewall is a really good feature. 

ctsc.jpgImage Enlarger

  • Doc ~ An old Fidonet SysOp. Just hanging out in cyberspace keeping up with tech.
Forum Timezone: America/New_York
All RSSShow Stats
Administrators: Blues Dancer, Simple Press, SP Community Support, Marcus (Simple:Press)
Top Posters:
Mr Papa: 19448
Ike: 2086
Brandon: 864
kvr28: 804
jim: 630
FidoSysop: 577
Conrad_Farlow: 531
fiddlerman: 358
Stefano Prete: 325
Newest Members:
Lorena Affleck
Hannelore Gaither
Margarito Nowacki
Elwood Mcclendon
Larue Cordeaux
Jerrold Stockman
Forum Stats:
Groups: 7
Forums: 17
Topics: 10071
Posts: 79393


Member Stats:
Guest Posters: 608
Members: 16976
Moderators: 0
Admins: 4

Most Users Ever Online
Currently Online
Currently Browsing this Page

1 Guest(s)