Too many bots from China
- Thread starter new_view
- Start date
Yes, this is fairly common.
If your site doesn't serve a Chinese audience then it would be recommended to just ban the entire country. If you use Cloudflare (even the free version) this can be accomplished in a couple minutes. If you don't use Cloudflare then there will be more work involved.
With the ban in place it will stop a large percentage of these hits, but not all, as there are always ways to get around something.
If your site doesn't serve a Chinese audience then it would be recommended to just ban the entire country. If you use Cloudflare (even the free version) this can be accomplished in a couple minutes. If you don't use Cloudflare then there will be more work involved.
With the ban in place it will stop a large percentage of these hits, but not all, as there are always ways to get around something.
If you had looked around in the forum before posting the thread you had no doubt reconized that this is quite a common issue, comes in waves, countries change and also, if the traffic shows up in Google Analytics or not. The most active thread around the topic is this:
If you're running through WHM you have the option of banning countries through CSF.
Log in to WHM as root.
Navigate to Plugins -> ConfigServer Security & Firewall.
Click Firewall Configuration.
Find the Country Code Lists and Settings section:
CC_ALLOW_FILTER: Enter the 2-letter ISO country codes you want to allow (e.g.US,CA). All other countries will be blocked.
CC_DENY: Enter the 2-letter ISO country codes you want to block (e.g.CN,RU).
Click Change and restart the firewall (csf -r) to apply changes.
Log in to WHM as root.
Navigate to Plugins -> ConfigServer Security & Firewall.
Click Firewall Configuration.
Find the Country Code Lists and Settings section:
CC_ALLOW_FILTER: Enter the 2-letter ISO country codes you want to allow (e.g.US,CA). All other countries will be blocked.
CC_DENY: Enter the 2-letter ISO country codes you want to block (e.g.CN,RU).
Click Change and restart the firewall (csf -r) to apply changes.
If you had looked around in the forum before posting the thread you had no doubt reconized that this is quite a common issue, comes in waves, countries change and also, if the traffic shows up in Google Analytics or not. The most active thread around the topic is this:
Cool, got it.
I kinda don't wanna ban all traffic from China.
I concur; in fact, Singapore was a contender in terms of bots.
That is ibou, a search engine:
Given their mission statement
I would not call them a "bad bot". Also, it does not hide and follows robots.txt.
Yeah, Cloudflare is the way to go here. Even on the free tier, you can set up a WAF rule that challenges traffic from specific countries instead of outright blocking them -- that way legitimate visitors from China can still get through a CAPTCHA, but the bots give up.
On my forum I also turned on Cloudflare's "Bot Fight Mode" (free) and their AI bot blocking under Security > Settings. Killed a ton of scraper traffic overnight without touching real users.
On my forum I also turned on Cloudflare's "Bot Fight Mode" (free) and their AI bot blocking under Security > Settings. Killed a ton of scraper traffic overnight without touching real users.
Given what has been written in the other thread about the experiences with cloudflares free tier vs. residential proxies and what the providers of resident proxies write about it ("no problem for us") I do have some doubts.
Did you read the extensive thread that is linked further up? There is a ton of information about the bot topic and various strategies to deal with them in it.
That's a good point. My forum is fairly low volume so it's worked well for me so far. I have not delved into the other thread yet.