Wordfence & Amazon

Hello @talis1 and thanks for reaching out to us!

Something we can check is Tools > Live Traffic for a block. See if Wordfence is listing any blocks when you try to access these links. If you are seeing the blocks, you can whitelist these actions directly from Live Traffic.

If its bot related, you could also check on your Rate Limiting settings with regard to cawlers.

Let me know what you find!

Thanks!

hi,
thank you for responding…
I’m not a techie, so I’m including images of what I see.
I’m not sure if its google bots or fake ones – https://imgur.com/N2MN2zL
i see in this image https://imgur.com/U9HUs4U that its starts as a human, changes to a bot and back to human – same IP.
The first time I visited my site and clicked on a link, my viewing session showed up as a bot, not human => https://imgur.com/E7CkMbi
nothing shows up as being blocked by the firewall or blocked otherwise.

Thanks for posting these screenshots @talis1

It looks like these are google crawlers, which is normal from google. The fact that your IP is also showing as a google crawler though is what is weird.

Can you post a screenshot of your Rate Limiting Options as well. Navigate to All Options > Firewall Options > Rate Limiting.

Also, can you send a diagnostic report to wftest @ wordfence . com? You can find the link to do so at the top of the Wordfence Tools > Diagnostics page. Then click on “Send Report by Email”. Please add your forum username where indicated and respond here after you have sent it.

Thanks in advance!

hi,
this is the screenshot” https://imgur.com/f8XyL3B
I also sent the report.
thanks again, very appreciated!

Hello again @talis1

As a test, open your Live Traffic page in a tab, then open another tab and attempt to go to a test site such as yourdomain.com/test1234. Just make sure it’s not an actual existing page, so we can test to see how your Live traffic sees it.

Also, I looked into the google bots that are hitting your site and they are Adsense bots.
https://support.google.com/adsense/answer/99376 will help you better understand what they are doing.

Let me know what you find!

Thanks!

View post on imgur.com

I’m wondering if there are other visitors that also show up as bots but they’re human?
thanks,
T

Detecting humans is less accurate than it used to be because of page caching now used at a lot of hosts, and possibly browser extensions (some can block the hit that confirms a full browser visit and not just a crawler). Page caching can store the hit ID that we normally use to tell visitors apart, so multiple visits are associated with a single hit, and some of their own hits may not be logged.

I see the header X-LiteSpeed-Cache: hit when visiting one of your pages, so that is likely interfering with identifying some hits as humans or bots.

In the first screenshot you sent, those look like real googlebots, since the hostname looked up by Wordfence from the IP is *.googlebot.com.

In the second screenshot, the two ajax calls in the middle happened right after the initial hit. When our script ran to validate that the first hit was human, only the first was re-labeled as a human, but the second two couldn’t be re-labeled. (Partly because they’re ajax and don’t trigger the human check, and partly they happened before the first human check finished.)

In his third screenshot, I don’t think that hit was you, since it has a rate-limited-proxy-*.google.com hostname. It’s likely you either hit a cached page (which won’t show up in Live Traffic at all since PHP & Wordfence don’t run), or had a login cookie that prevented his hit from being logged.

Let me know if this helps!

Thanks!

this definitely helps! thank you. I have a better understanding of how those bots work. i’ve uninstalled lightspeed, and should see a change.
thanks for all your help.
T

Hi,
can you explain or is there an article that explains in non-techie terms, how to interpret “run who is” and determine which bot is legit?
i see tons of bots from all over the world crawling my site, including countries shown as blocked due to trying to access my site.
thanks.

If you visit https://whois.domaintools.com/ you can look up any IP to see where it is originating from. Bot hits on a site are completely normal in most cases.

You can limit the amount of traffic that attempts to hit your site with our Rate Limiting Rules on the Firewall Options page. This configures how crawlers and humans are treated.

I generally set my Rate Limiting Rules to these values to start with:

• If anyone’s requests exceed – 240 per minute
• If a crawler’s page views exceed – 120 per minute
• If a crawler’s pages not found (404s) exceed – 60 per minute
• If a human’s page views exceed – 120 per minute
• If a human’s pages not found (404s) exceed – 60 per minute
• How long is an IP address blocked when it breaks a rule – 30 minutes

I also always set the rule to Throttle instead of Block. Throttling is generally better than blocking because any good search engine understands what happened if it is mistakenly blocked and your site isn’t penalized because of it. Make sure and set your Rate Limiting Rules realistically and set the value for how long an IP is blocked to 30 minutes or so.

Remember there is no hard and fast, one size fits all set of rules for every site. This is just a good place to start. During an attack you may want to make those rules stricter. If you see visitors, like search engine crawlers getting blocked too often, you might want to loosen them up a little.

Hope this helps!

Thanks!

thank you!