Want to know a simple way to stop your website from being hit by thousands of automated attacks every week? A FREE way.
Ban traffic from China, Hong Kong (aka China) and Russia (mostly China though.)
Some software allows this, some WordPress plugins do, but CloudFlare is my favourite here.
Sometimess you want their traffic, or you need to route internet traffic through their servers, as is the nature of the internet sometimes. So, you don’t block them outright – you instruct CloudFlare to issue them with a challenge (a captcha of varying difficulty.) You then set your server to ban an IP address after a large amount of 404 errors (file not found) in a short space of time.
Here’s a VERY small sample of what I recently had:
How I fixed it? Screenshot follows…
As you can see, any visitor from China, Hong Kong, or Russia will be given an interactive challenge to solve. This won’t stop strikes at my server itself, necessarily, so I then block the IP manually via the server firewall if the attack is bad or frequent enough.
Heads up: UFW is a good firewall for Linux (combine it with fail2ban), and “pf” is good for Mac OS, biut is disabled and hidden by default, so something like Murus lets you easily (kind of) set it up and configure it to actually protect you (Apple’s built in firewall is hopeless.)