Is there anyway to block malicious bots with cloudways? On server with root access you can make fail2ban regex filters for too many 404s and too many requests that stop bots but this isn’t possible with cloudways.
When a bot hits site and tries to scan every page at once and try various things to find vulnerabilities the only way CW support suggests to stop it is manually blocking IP in .htaccess which I think is not feasible to sit there all day trying to manually analyze logs and pick out bad IPs. Seems a little crazy.
Support suggested this plugin: https://www.wyomind.com/magento2/security-enhancement-magento.html
But that just seems to limit logon attempts and not actual http requests.
Obviously configuring cache helps against bots but it is not always possible to get all pages inside varnish as any non-cachable block will make magento 2 add “pragma: no cache” header which means it misses the varnish cache. Then when a bot hits the site it maxes server CPU.
Right now we have AWS server with cloudways but its periodically performing bad due to not being able to filter out bot traffic.