• Resolved justatest47

    (@justatest47)


    I am unable to block a few hostnames I am having severe problems with. They act like DDOS attacks constantly hammering the website. amazonaws.com bglan.net poneytelecom.eu and your-server.de
    Out of all those 4 the most aggressive are amazonaws.com and bglan.net
    They are shown in Live Traffic as this:

    United States Ashburn, United States was blocked for Manual block by administrator at https://www.website.com/bla-bla-url
    7/22/2018 2:08:26 PM (51 seconds ago)
    IP: 54.237.125.34 Hostname: ec2-54-237-125-34.compute-1.amazonaws.com
    Human/Bot: Bot
    Browser: undefined
    Mozilla/5.0 (X11; U; Linux x86_64; de; rv:1.9.2.8) Googlebot-Compatible Gecko/20100723 Ubuntu/10.04 (lucid) Firefox/3.6.8

    and

    Bulgaria Sofia, Bulgaria was blocked for Manual block by administrator at https://www.website.com/bla-bla-url
    7/22/2018 2:08:14 PM (1 minute ago)
    IP: 151.237.25.65 Hostname: 151.237.25.65.bglan.net
    Human/Bot: Bot
    Browser: Edge version 16.0 running on Win10
    Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 Edge/16.16299

    I went to Wordfence, Firewall, Blocking and under Hostname I said amazonaws.com but nothing. It does not block the entire domain. Then I said in Referrer amazonaws still nothing. It only works when I manually block their IPs but no matter how many I block they always come with new IPs. This is perhaps the most inefficient way to block such an attack, by IP… I know I can block IP ranges but I still find this highly inefficient as they can always come up with new IP ranges. So I want to block their entire hostnames.

    I am running Apache 2.4 and I even tried adding various blocking codes in .htaccess but still nothing, their hits show up in live traffic. Why?

    Here’s what I tried:
    <RequireAll>
    Require all granted
    Require not host amazonaws.com
    Require not host bglan.net
    Require not host poneytelecom.eu
    Require not host your-server.de
    </RequireAll>

    And this code doesn’t work because since they are blocked in .htaccess directly by Apache, they shouldn’t even show up in Wordfence live traffic. Since they DO show up I guess my blocking codes from .htaccess don’t work for some reason. Does anyone have a correct .htaccess blocking code for blocking these bots from ever accessing the site or an explanation why Wordfence isn’t blocking their hostnames? Please help. Thank you

Viewing 7 replies - 1 through 7 (of 7 total)
  • Are you using wildcards in your Wordfence blocking rules? Examples from my Wordfence
    Hostname
    *.sadecehosting.net
    *.amazonaws.com

    Or referrer
    *notey*

    Using .htaccess is a convenient way of doing some Apache configuration, but it’s resource intensive as it reloads during every page load, so it’s best to keep it short and not include demanding routines. Blocking using Wordfence application firewall is less resource intensive.

    Consider working your defense from the “application side.” In other words, concentrate on configuring Wordfence and perhaps use a few more security plugins:
    WPS Hide Login
    IQ Block Country with Admin Block enabled ($5.00 year)

    Two things with Wordfence: 1) When frequency blocking, set with fairly lengthy block times, I use two days. 2) If you study your logs and such, you’ll see certain types or specific URLs the bots are attacking, develop your own rules with wildcards, and create a robust list of blocks in the Wordfence Immediately Block URLs feature.

    Thread Starter justatest47

    (@justatest47)

    Yes I used wildcards, here’s an example:
    Advanced Block User Agent – amazonaws, Hostname – *.amazonaws.com 21/07/2018 16:08 Hammering Permanent 0 Never
    As you can see, 0 blocks….?

    Nothing…. I don’t want to block the entire USA just because of amazonaws.com
    So that is out of the question. I don’t know how .htaccess would consume more resources than Wordfence, it makes absolutely zero sense as Wordfence has to go through Apache in order to make the blocks so if anything .htaccess should consume less resources. Anyway that’s not the issue, I only resorted to .htaccess because Wordfence hostname blocking doesn’t work and surprise, .htaccess hostname blocking also doesn’t work.

    Here’s a very interesting experiment I made:
    I added my own IP in .htaccess and it only partially works. I am getting blocked from visiting any WordPress dashboard page, but I am not getting blocked from visiting the external website. Like an article for example. What the heck? I don’t understand, it makes my head explode! I need to mention that I’m using WP-Supercache and Cloudflare at the same time. Can this be some sort of caching issue???

    Thanks for your help mountainguy2 ! I really appreciate it!

    Caching will drive you crazy with this sort of thing, while testing eliminate all caching possible, and of course clear browser cache before any testing. I use an entirely separate computer on a VPN IP address for testing.

    The speed issue is nuanced. I’ve tested Wordfence for overhead and it’s amazingly fast. Wordfence tech support told me once that it’s better and faster in many ways than .htaccess, due to how Wordfence performs blocking, etcetera. My tests verified that. The main problem with .htaccess is that it loads over and over and over again, if it’s got slow stuff in it, like reverse DNS lookups and huge IP tables, plus lots of redirects, it’s resource intensive. Google it up, this is common knowledge. To actually utilize Apache efficiently requires setting up security at the upper level, using software such as CSF or ModSecurity. Doing so is good because it helps limit the server login and SFTP login attacks that neither .htaccess nor Wordfence have any effect on. I spent years tweaking .htaccess, with a high traffic site at issues with bandwidth, in my experience it’s better to keep the .htaccess simple and short, and use either application firewalls or again, full-on server firewalls such as CSF. My two cents, anyway.

    MTN

    Thread Starter justatest47

    (@justatest47)

    I already have CSF installed but in CSF you can only block IPs, not hostnames, check and see for yourself if you don’t believe me. I don’t know about mod_security though if you can block hostnames in it. I appreciate your advice but don’t worry my .htaccess is pretty clean. It’s not too loaded with junk. Adding a few hostnames in it shouldn’t be a problem for a decent VPS anyway. Besides I simply am unable to find a way of blocking hostnames. Nothing works, not even Wordfence can block hostnames. I can block IPs through various ways, I don’t need help with that, I need help with blocking hostnames. That is what doesn’t work for me no matter what I do and I don’t know why.

    This amazonaws is driving me crazy. After more in-depth study I learned that this is an attack from CCBOT: https://commoncrawl.org/big-picture/frequently-asked-questions/ which uses Amazon AWS
    Don’t worry, I already added this User-agent: CCBot Disallow: /
    to my robots.txt but such a bad bot doesn’t give a …. you know what about robots.txt
    It completely ignores it and goes on doing its job hammering with thousands of requests per day. I think I’m getting somewhere around 10.000-20.000 hits from this bot! This is basically no different than DDOS! I blocked all its IPs but it always comes with new IPs! I need to block the entire hostname amazonaws. HOW??? Can anyone help please?

    In any case, again, perhaps try approaching this from the “other” side using Wordfence, working on your frequency blocking and blocking specific URLs that the bots perhaps are attacking. I’ve found the frequency blocking to be super effective, as well as the URL blocking. Sorry, I’m as mystified as you are as to why you can’t simply block everything coming from amazonaws, perhaps someone from Wordfence could chime in here. MTN

    Hi @justatest47

    I’ve tested the option to block hostnames in Wordfence and I can see it’s working fine, there is an easy way to test that, you can go to (Wordfence > Blocking > Advanced Blocking) and -temporarily- block “*.amazonaws.com” hostname (please don’t fill in the useragent or any other field except the reason field), then go to “GeoPeeker” website to generate traffic for your site, now you can see these blocked requests in Live Traffic log.

    These requests have no “amazonaws.com” as their user agent, perhaps that’s why your rule isn’t working.

    Let me know how it goes,
    Thanks.
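
The reply above attributes the rule's zero hits to the filled-in user-agent field. The following added example (not part of the thread and not Wordfence's code) evaluates both rule shapes against the two Live Traffic entries from the first post, assuming that every non-empty field of a rule must match and that patterns are case-insensitive `*` globs; `parse_entries`, `rule_matches` and `blocked_ips` are hypothetical names.

```python
import re
from fnmatch import fnmatchcase

# IP, hostname and user-agent lines of the two Live Traffic entries in the first post.
LIVE_TRAFFIC = """\
IP: 54.237.125.34 Hostname: ec2-54-237-125-34.compute-1.amazonaws.com
Mozilla/5.0 (X11; U; Linux x86_64; de; rv:1.9.2.8) Googlebot-Compatible Gecko/20100723 Ubuntu/10.04 (lucid) Firefox/3.6.8
IP: 151.237.25.65 Hostname: 151.237.25.65.bglan.net
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 Edge/16.16299
"""

ENTRY = re.compile(
    r"IP: (?P<ip>\S+) Hostname: (?P<hostname>\S+)\n(?P<user_agent>[^\n]+)"
)


def parse_entries(text):
    """Return one dict (ip, hostname, user_agent) per Live Traffic entry."""
    return [m.groupdict() for m in ENTRY.finditer(text)]


def rule_matches(rule, entry):
    """Assumed semantics: all non-empty rule fields must match (logical AND)."""
    for field, pattern in rule.items():
        if pattern and not fnmatchcase(entry[field].lower(), pattern.lower()):
            return False
    return True


def blocked_ips(rule, entries):
    """IPs of the entries that the rule would block."""
    return [e["ip"] for e in entries if rule_matches(rule, e)]


# Rule as posted by the thread starter: user agent and hostname both filled in.
COMBINED_RULE = {"user_agent": "amazonaws", "hostname": "*.amazonaws.com"}
# Rule as suggested in the reply: hostname only, other fields left empty.
HOSTNAME_ONLY_RULE = {"user_agent": "", "hostname": "*.amazonaws.com"}
# Constructed variant: a wildcard user agent still fails, because the
# string "amazonaws" appears in the hostname but not in the User-Agent header.
WILDCARD_UA_RULE = {"user_agent": "*amazonaws*", "hostname": "*.amazonaws.com"}

if __name__ == "__main__":
    entries = parse_entries(LIVE_TRAFFIC)
    for name, rule in [("combined", COMBINED_RULE),
                       ("hostname only", HOSTNAME_ONLY_RULE),
                       ("wildcard UA", WILDCARD_UA_RULE)]:
        print(f"{name}: {blocked_ips(rule, entries)}")
```
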

    Hi @justatest47

    Since we haven’t heard from you for a while I’m going to go ahead and resolve this thread. If you have any other questions or concerns, don’t hesitate to open a new one.

    Thanks.

  • The topic ‘Hostname blocking doesn’t work’ is closed to new replies.