Can you auto-block an IP based on URL structure?

  • Resolved pixieblitz

    (@pixieblitz)


    1 year, 11 months ago

    We’re getting lots of attempts to reach spam buddypress group URL’s. We had such a bad problem with spam users creating fake groups that we completely disabled the group feature – so now nobody should be finding any links to those groups… But somehow there’s still a decent chunk of attempted traffic to various plantswap.org/groups/SPAMMY_GROUP_NAMES which are getting not found errors.

    So, two questions:
    1) Any idea why this keeps happening?
    2) Any way to auto-block those IPs?

    Thank you!

Viewing 1 replies (of 1 total)
  • Plugin Support wfpeter

    (@wfpeter)

    Hi @pixieblitz, thanks for reaching out to us.

    Unfortunately in many cases such as this, visits to URLs are done with no prior knowledge of the plugins or platform you’re running and are done in a hit-and-hope manner. However, always making sure your plugins, themes, and WordPress itself are the latest versions should limit the chance of one of these ever succeeding.

    Wordfence handles its blocks by looking at the intent of an IP’s visit rather than just the page they tried to visit. The plugin does all of the important blocking for you so it’s our general recommendation to not implement manual blocking regime – which can be time consuming to keep up with current URLs and IP ranges etc. However, if your site is being hit many times from this specific attack, I can see why you’d want to stem the flow.

    As you’ve disabled the group feature altogether, you may see some success from using Wordfence > All Options > Firewall Options > Advanced Firewall Options > Immediately block IPs that access these URLs. As wildcards are possible here, you could enter /groups/*, or even more specific if the spam groups always begin with the same sequence of characters like /groups/example*. Be aware that even as an admin you WILL be blocked if you visit any of those URLs, even as a test.

    You can read more here: https://www.wordfence.com/help/firewall/options#immediately-block-urls

    Thanks,
    Peter.

Viewing 1 replies (of 1 total)
  • The topic ‘Can you auto-block an IP based on URL structure?’ is closed to new replies.