Support

In the last two weeks our website receive lots of wrong pages requests from allover the world.
What's the best approach to deal with this kind of requests, beside the 404 No Page Fund redirect?

Thanks for your time and support.
Mark

Mark,

Take a look at the 404 Shield. What it does is make the 404 a security exception so your auto-ban settings will work against the IP address trying the attack.

Go to Web Application Firewall, Configure WAF, on the Cloaking tab. Note that 404 Shield needs to be activated with the switch. Then you can put partial URLs in the second field that will trigger the security exception. You can see several common WordPress URLs that should never be seen for a Joomla! website as samples.

Dale,

Thanks for comeback to me. In the Cloaking tab, the 404 Shield is CHECK and in the second 404 Shield field is ad one by one a partial requested address.

Even that, some of the added addresses like "wp-info.php", the 404 is triggered again by repeated requests.
Also, noticed that the same page request is generated from same and/or different country that have different IP address.

Did, I miss something or I have to do other think to block such behavior?

Thanks for your help and support
Mark

Mark,

The 404 Shield won't stop the 404 errors, they really are 404 errors. What it does is makes them a security exception so your auto-ban settings can ban the IP addresses if they meet the ban criteria. Depending on your auto-ban settings, that should reduce the number of 404 errors you see.

Dale,

I readjust the AUTO-BAN to :
Block after 1 attacks, in 1 Day / Block for this long 1 Day
Permanently blacklist IP after 1 automatic IP blocks.
Probably, this is drastic, But. I hope will stop the "COVID-19" :-))

Hope you and your are safe and well.

Thanks
Mark

So, please advice about the Auto-Ban best settings.

Thanks.
Mark

Mark,

I think your auto-ban settings are too tight. That's going to ban folks who typo their password.

How about using Bad Words instead? Set up Covid as a bad word (wouldn't we all love to do that!) and let the Bad Words filter keep it out.

Dale,

Thank you for idea. I will implement and report back in few days about the result.

Until then, stay safe, and lovely.
Mark

Hi Dale,

I implement the Bad Words filters and DO NOT WORK.
Definitely, this is an attack from hacker/crawling boot requesting inexistent pages ( NOT a bad links ) with spoofed IPs allover the world. Blocking the IPs will not serve any good and adding approx. 500 / day errors in 404 Shield field will not stop this kind of attack.

Any further idea how to prevent that?

Thanks
Mark

Mark,

Blocking the IPs for a short time will just make the bot use a different one. You're trying to annoy the hacker. Banning the IPs for a long term is definitely not productive. And you run the risk of banning the IP of a real visitor.

You can't really stop him. You have to wait until he gets bored and goes away. There are some heavy duty tools like CloudFlare that can stop a DDoS attack, but that is not trivial to set up.

Dale,

Base on your advise I add the 404 error links in 404 Shield and in Anti-spam Bad Words.
Now the 404 errors is intensifying, which cis clear indication of wrong approach from our part.
Any further thoughts will be welcome.

Thanks
Mark

Mark,

I don't think increasing your defenses is the wrong approach. The attacker has noticed that you're shoring up your defenses and has increased his efforts. What exactly he's trying to do is unclear. He doesn't appear to be probing anything. The level of attack is not really effective as a DDoS attack, there 's not enough traffic. It looks like it's just a script kiddie.

There is a write up in our documentation here.

And Nicholas' comments were:

Admin Tools is designed to BLOCK attacks. You cannot PREVENT attacks. Attacks are not under anyone's control except for the attacker's.

What he's doing right now makes sure that his site fends off the attacks. Exactly as it should.

Thank you guys for further enlighten.

All the best
Mark

You're welcome!

This ticket has been automatically closed. All tickets which have been inactive for a long time are automatically closed. If you believe that this ticket was closed in error, please contact us.