Block malicious bots with cloudways


#1

Is there anyway to block malicious bots with cloudways? On server with root access you can make fail2ban regex filters for too many 404s and too many requests that stop bots but this isn’t possible with cloudways.

When a bot hits site and tries to scan every page at once and try various things to find vulnerabilities the only way CW support suggests to stop it is manually blocking IP in .htaccess which I think is not feasible to sit there all day trying to manually analyze logs and pick out bad IPs. Seems a little crazy.

Support suggested this plugin: https://www.wyomind.com/magento2/security-enhancement-magento.html

But that just seems to limit logon attempts and not actual http requests.

Obviously configuring cache helps against bots but it is not always possible to get all pages inside varnish as any non-cachable block will make magento 2 add “pragma: no cache” header which means it misses the varnish cache. Then when a bot hits the site it maxes server CPU.

Right now we have AWS server with cloudways but its periodically performing bad due to not being able to filter out bot traffic.

Any suggestions?


#2

The best way to block unwanted users or bots from accessing your website is to merely outright block these problematic IP addresses by using .htaccess rules. I know it’s not practical, but you can do it at least once in a month!

This can also be done via user agent string rule. For the reference, please have a look at this:

http://mage101.com/?p=416


#3

That is neither practical nor effective.


#5

It would be best to do this from the server level. I found this.