Recent content by ES Dev Team

Honestly, amazing ratio of fradulent traffic to not. I Think this is not because cloudflare is great, but whatever forum this is is great :)

FYI i'm on the pro plan and i'm getting effective protection after some tuning. If they shove me into the business tier ( $200/mo ), i'm 100% building the alternative. So far my 31 other servers don't need cloudflare, they are not running ultra slow magento :)

I have something to confess. This giant distributed scraping wave is walking past some of my non-xenforo fail2ban setups which have a very high CPU load to hit ratio. I moved them to cloudflare, and they are already complaining about some occasional outages in different regions and want my...

Interesting. How do you accomplish this? do you have a custom log format? I'm still in the middle of building my thing, but i thought about this a lot and it turned me off from this plugin. It's interesting otherwise. I have a little script now that can write all the data for a web hit to PHP...

I don't expect any UA identification to work in the future. The majority of bots i see are randomizing theirs. The way i would configure anubis: users submit 5 seconds of CPU time we retain the 'user passed the check' for 30 days so a real user only needs to pass it rarely rework the anubis UI...

I'm a big fan of hetzner lately for my server hosting clients. Product to cost ratio is excellent. However there's lots of sticky things to cut one's hands on with their backend administration, so i would only recommend it to someone else if they're willing to get very geeky.

Damn, you had to ban linux users huh :( If they are using real browsers, then yes, they can get around almost anything. The more people who use anubis, the higher the cpu tax will be on these bot farms and we could theoretically make the job too expensive if tons of people use something like...

Worked for me. Thanks! Interesting, 2.2.x doesn't have this problem, the ideal setting is the opposite

for me port 587 is also broken in 2.3.x. and my provider is blocking port 465 :(

Interesting. I think a lot of scrapers are using real browsers via something like chromedriver. The chinese bot farms tend to use mobile phones because they're cheap. I wonder how effective it is.

About 90% of today's bots pretend to be regular users and use real web browsers. Neither google analytics nor xenforo can differentiate them between Every website of any sufficient size has this problem Check this thread for more info on solutions...

Yep, cloudflare, fail2ban, or something equivalent is now a prerequisite for running a website now. Not a single one of the 32 servers i manage does not have this problem, in addition to lots of people proving for vulnerabilities and trying to break passwords. So is it the case that everyone...

I'm just happy to see development continuing!

If you click on that URL you can tell that the SQL injection is not working since you don't get a 15 second wait. This person is testing your system for vulnerabilities, and in this case it looks the test is being failed. Strange, this returns a 400 code which may not be tracked by existing...

@truonglv I wanted to buy this plugin but i see it is marked unmaintained.. Is there any chance you will maintain it in the future?