A A A
Forum Scope


Match



Forum Options



Min search length: 3 characters / Max search length: 84 characters
Forum Login
Lost password?
tips-topic
Feel like giving up in this war against Bots!
...View Related Tags
Avatar
Simple Press
392 Posts
(Offline)
11
Dec 17, 2018 - 5:21 pm
Print

If it helps anyone, we use three layers of firewall on this site.  First is Cloudflare – stops a lot of bad stuff before it even hits our servers. Any traffic that does hit our servers is then filtered through a set of custom Web Application Firewall rules before it hits the WordPress site.  Anything that makes it through that is then filtered by WordFence.  Nothing works perfectly and each vendor responds to emerging treats differently at different rates – so having multiple security layers is the best approach in our opinion. Performance takes a small hit but we’ll take security over performance any day.

Even with all that, there is still a bunch of stuff that makes it through and attempts dictionary style login attacks.  Those eventually gets taking care of by blocking based on number of failed attempts and such…

Avatar
jim
Here and Now

630 Posts
(Offline)
12
Dec 19, 2018 - 2:39 pm
Print

mann said
Not only are the bots registering but surprisingly they created around 500 subsites on my site…

It sounds like you’re running a WordPress Multisite network. If not, then the hosting account has been seriously compromised.

If so: Do you run any sort of Splog moderation and control, other than captcha on your registration page?

We run a very large WPMS network at Tripawds. I’ve been fighting spam blog registrations for years and have implemented various methods to bring it under control.

Anti-Splog is the first step.

I also implemented a Signup Code and display that on the reg page, to ensure humans are filling out the form.

Finally, I am working with the developer of Beyond Multisite, who is almost ready to release an update to include Blog Moderation, which allows us to prevent first posts from being published, with an easy way to delete sites and users. No ETA on this, but the beta is working great.

FYI: These methods are in addition to server level csf firewall, and our Wordfence Premium account.

TripawdsSimple:Press powers the Tripawds Discussion Forums.

It's better to hop on three legs than to limp on four.

The Tripawds Blogs Community is made possible by The Tripawds Foundation.

Avatar
FidoSysop
Clearwater Florida

577 Posts
(Offline)
13
Dec 19, 2018 - 2:52 pm
Print

Spam bots are a pita. I use cleantalk.org which is a bargain considering Akismet is now a pay service. The spam firewall is a really good feature. 

ctsc.jpgImage Enlarger

Attachments
  • Doc ~ An old Fidonet SysOp. Just hanging out in cyberspace keeping up with tech.
Forum Timezone: America/New_York
All RSSShow Stats
Administrators: Blues Dancer, Simple Press, SP Community Support
Top Posters:
Mr Papa: 19448
Ike: 2086
Brandon: 864
kvr28: 804
jim: 630
FidoSysop: 577
Conrad_Farlow: 531
fiddlerman: 358
Stefano Prete: 325
Newest Members:
BadSantaeni
Patrice Elizabeth
Caroline Norriss
Web team
Pavol Vrabec
Hélène CLEMENT
Forum Stats:
Groups: 7
Forums: 17
Topics: 10062
Posts: 79357

 

Member Stats:
Guest Posters: 607
Members: 16915
Moderators: 0
Admins: 3

Most Users Ever Online
499
Currently Online
Guest(s)
12
Currently Browsing this Page

1 Guest(s)