• During an attack that was using the blank or empty user-agent I was able to experiment live. I noticed Wordfence has the ability to Block IP’s who send POST requests with blank User-Agent and Referer.

    I checked that box and they still kept coming. I then disabled all other security plugins and the attack stopped. Empty or Blank user-agents were our biggest problem. Even though they were getting a status of 403 they were not blocked until I removed Brute Protect features.

    I did see no referrer and blank user-agents using the IP address for Bluehost (Unified Layer) where Hostgator has our dedicated server and an IP from WordPress (I believe it was Jetpack). Not sure what they do. It was not hitting often. I am assuming these are uptime checks.

    The suggestion is to add a control feature for block blank user-agents after X number of hits like the other blocking features have. That way if there is a good blank user-agent the bad ones will be blocked after X hits per minute. We were getting 80,000 plus blank user-agents over night on some of our sites.

    Thanks for your great work!

    https://www.ads-software.com/plugins/wordfence/

Viewing 1 replies (of 1 total)
Viewing 1 replies (of 1 total)
  • The topic ‘Blank User-Agent feature suggestion’ is closed to new replies.