Security Suggestions Welcomed

     
6:15 am on Feb 21, 2019 (gmt 0)

New User from CA 

joined:Feb 21, 2019
posts: 7
votes: 0


Hello,

I have about 400 domains parked and all of the wondrous web traffic that comes with each domain is all focused on one WordPress installation; I believe/think that I have WP pretty well hardened, but with the sheer volume of traffic I fear that it is just a matter of time.

Thus I am looking for any cheap and easy solutions.

Website content is really only welcome from North America and ideally I would like to drop or block the rest.

- dropping IP addresses for about 80% of the world with htaccess is impractical because of the deny size, imho?

- on another normal, single domain website, I am using geo-enabled DNS and just dropping all traffic outside of North America, it is beautiful, simple and effective, but also requires 400 paid DNS services for this application

Any other suggestions or ideas?
10:38 am on Feb 21, 2019 (gmt 0)

Administrator

WebmasterWorld Administrator phranque is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Aug 10, 2004
posts:11608
votes: 193


you might want to look at this:
How to block access to your server [webmasterworld.com]
10:47 am on Feb 21, 2019 (gmt 0)

Junior Member


joined:Sept 26, 2018
posts:68
votes: 19


A free solution is to host an IP geolocation database on your server (MaxMind offer a free version) and with some server-side code you can block countries by their two-letter country code.
12:16 pm on Feb 21, 2019 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member tangor is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Nov 29, 2005
posts:9233
votes: 780


Your other option is to whitelist what is allowed, rejecting anything that does not match.
12:33 pm on Feb 21, 2019 (gmt 0)

Preferred Member from CA 


joined:Feb 7, 2017
posts:536
votes: 47


If you block specific IP ranges of the worst offenders, you will drastically cut down your traffic to a dull roar instead of a tsunami wave. There are some well known and persistent actors, so if you knock them out traffic will certainly go down. Go through your raw access log and target those that are trying to break into your site, or are looking for vulnerabilities. They are very easy to spot. If you have time, then go after bots that simply waste bandwidth with daily requests for everything.

I also recommend installing 2FA two factor authentication on your WP site, as well as doing a scan for vulnerabilities. One of the main issues is bots trying to break into your security using brute force. This can really waste resources. Send them 400s with 2FA.

If each site is a subdirectory and not in root, you can use a single htaccess and SetEnvIf to protect them, using inheritance.
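Added example, not part of the posts above: one way to do the raw access log pass described in this post, counting requests to probe targets per /24 so the output is a short list of ranges to consider blocking. The probe patterns, the threshold and the log lines are assumptions constructed for illustration (documentation IP ranges, Combined Log Format).

```python
import re
from collections import Counter
from ipaddress import IPv4Network

# Combined Log Format: client IP, request line, status code.
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) ')
# Assumed probe targets for a WordPress site; adjust to what your own log shows.
PROBE = re.compile(r"wp-login\.php|xmlrpc\.php|/\.env|wp-config", re.I)


def suspicious_ranges(lines, threshold=3):
    """Return [(cidr, hits)] for /24 ranges with >= threshold probe requests."""
    hits = Counter()
    for line in lines:
        m = LINE.match(line)
        if not m or not PROBE.search(m.group(3)):
            continue  # unparseable line or an ordinary request
        try:
            net = IPv4Network(f"{m.group(1)}/24", strict=False)
        except ValueError:
            continue  # not an IPv4 client address
        hits[net] += 1
    return [(str(n), c) for n, c in hits.most_common() if c >= threshold]


# Constructed sample lines, not taken from any real log.
SAMPLE_LOG = [
    '203.0.113.7 - - [21/Feb/2019:06:15:01 +0000] "POST /wp-login.php HTTP/1.1" 200 1234 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [21/Feb/2019:06:15:02 +0000] "POST /wp-login.php HTTP/1.1" 200 1234 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [21/Feb/2019:06:15:03 +0000] "POST /xmlrpc.php HTTP/1.1" 403 199 "-" "Mozilla/5.0"',
    '198.51.100.20 - - [21/Feb/2019:06:16:10 +0000] "GET /.env HTTP/1.1" 404 153 "-" "curl/7.58.0"',
    '192.0.2.10 - - [21/Feb/2019:06:17:45 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for cidr, count in suspicious_ranges(SAMPLE_LOG):
        print(f"{cidr}\t{count} probe requests")
```

Grouping by /24 is a coarse choice; check who owns a range before blocking it, since a shared ISP range can also carry wanted visitors.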
2:00 pm on Feb 21, 2019 (gmt 0)

Administrator from US 

WebmasterWorld Administrator not2easy is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Dec 27, 2006
posts:4198
votes: 264


If the 400 parked domains are only redirecting traffic to the one you wish to protect, you only need to pay the DNS fees for that one domain. The others are dropped at its door, right?
2:55 pm on Feb 21, 2019 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member tangor is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Nov 29, 2005
posts:9233
votes: 780


More specifically, if these are parked (not viable domains) then the only thing you want is bots from g and bing. That should be four (4) allowed bots (2 each) and pretty simple ips allowed. If these are for sale, then take other steps to include allowed resources.
9:16 pm on Feb 24, 2019 (gmt 0)

New User from CA 

joined:Feb 21, 2019
posts: 7
votes: 0


A free solution is to host an IP geolocation database on your server (MaxMind offer a free version) and with some server-side code you can block countries by their two-letter country code.


Thanks; I ended up using the WP plugin IP2Location Country Blocker which is working pretty well. I am using the free dbs for the time being which have hugely dropped traffic overall but there seem to be holes in both of them. I am close to the US/CA border and not sure if this is a factor as I am still getting shall I say cr@p out of the PNW area.

It is kind of a band aid solution, it would be nice to protect at the server level as opposed to app level but I am on a shared account for now.

Your other option is to whitelist what is allowed, rejecting anything that does not match.


That is still a pretty large amount of info to process with every request, no? (all of Canada and the US)

If you block specific IP ranges of the worst offenders, you will drastically cut down your traffic to a dull roar instead of a tsunami wave. There are some well known and persistent actors, so if you knock them out traffic will certainly go down. Go through your raw access log and target those that are trying to break into your site, or are looking for vulnerabilities. They are very easy to spot. If you have time, then go after bots that simply waste bandwidth with daily requests for everything.


An htaccess file is going to get pretty big pretty fast; I think that an ideal solution would be to incorp a geo db at a firewall/http server level and then deal with the rest.

I also recommend installing 2FA two factor authentication on your WP site, as well as doing a scan for vulnerabilities. One of the main issues is bots trying to break into your security using brute force. This can really waste resources. Send them 400s with 2FA.


That I am not so worried about; I have long random passwords and login limit protection in place as well as other low hanging fruit taken care of.

If each site is a subdirectory and not in root, you can use a single htaccess and SetEnvIf to protect them, using inheritance.


All resolve to one root.

If the 400 parked domains are only redirecting traffic to the one you wish to protect, you only need to pay the DNS fees for that one domain. The others are dropped at its door, right?


Not exactly sure, I am pretty much a n00b. All domains are registered at a third company; nameservers are set to resolve with my hosting company and parked on my "master" domain.

So a request for domainnumber51.com as an example, would be served by my hosting company and sent to my IP address/master domain still, no?

More specifically, if these are parked (not viable domains) then the only thing you want is bots from g and bing. That should be four (4) allowed bots (2 each) and pretty simple ips allowed. If these are for sale, then take other steps to include allowed resources.


They are viable, they resolve to a page generated for each domain.

Thanks.
5:55 am on Feb 25, 2019 (gmt 0)

Senior Member from ES 

WebmasterWorld Senior Member 10+ Year Member

joined:Nov 13, 2005
posts:679
votes: 8


You could install a WordPress security plugin (WP Cerber Security, i.e.) and get many ideas while checking the reports.
6:26 pm on Feb 25, 2019 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member tangor is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Nov 29, 2005
posts:9233
votes: 780


That is still a pretty large amount of info to process with every request, no? (all of Canada and the US)
Who do you want to access these pages?

Whitelisting is far easier than blacklisting by a long shot.

I assumed the domains are "viable" since they are parked. They do not have any CONTENT, correct? If that is the case Tom, Dick and Harry won't be interested.
5:06 am on Mar 4, 2019 (gmt 0)

New User from CA 

joined:Feb 21, 2019
posts: 7
votes: 0


You could install a WordPress security plugin (WP Cerber Security, i.e.) and get many ideas while checking the reports.

I am running an excellent free firewall, WP Cerber, Honeypot Toolkit and now IP2location country block as active defences.

IP2 seems to have holes, but it has now got me to the point that I can start to manage some of the more hazardous threats. If anything is going to get me it is going to be something poking out from a freaking Tor node; but those are endless also: [dan.me.uk...] .

Just for reference, 5 weeks running now with IP2 up for the past week and I am at 96k visitors and 372k hits. It is safe to say that 99.99999% of that traffic is undesirable.

Perhaps I should just roll with it and put banner ads up? ;)

Who do you want to access these pages?

Whitelisting is far easier than blacklisting by a long shot.

I assumed the domains are "viable" since they are parked. They do not have any CONTENT, correct? If that is the case Tom, Dick and Harry won't be interested.

All of the domains are for sale, so what should happen is that Tom, Dick or Harriett goes to a WHOIS and then goes to the domain to pursue the matter further or not; or someone comes across the name in a search and clicks and resolves. Each domain has its own page that is generated with a title, keywords, graphics and a blurb, so not really "content" but not a generic parking page either.

Whitelisting is going to be hugely more workable, but even a whitelist for Canada alone is going to be sizable. Apache will have to parse that list for every http request and that will slow/load it down, no?

798 KB allow IP list for Canada and I would like to open it up to the US also - [ip2location.com...]
5:48 am on Mar 4, 2019 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member tangor is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Nov 29, 2005
posts:9233
votes: 780


goes to a WHOIS and then goes to the domain to pursue the matter further

With changes to whois after GDPR ... that might not be so easy.

IP bans alone are not how you manage undesirable traffic. Take a look at the Spider forum here [webmasterworld.com...]
6:24 am on Mar 4, 2019 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member lucy24 is a WebmasterWorld Top Contributor of All Time 5+ Year Member Top Contributors Of The Month

joined:Apr 9, 2011
posts:15494
votes: 744


798 KB allow IP list for Canada
wtf? The last time I compiled a list of Canadian IP ranges, it came out to 87k. And that's including the < /24 slivers--/27 here, /29 there--living on other regions' servers, which you would almost certainly never bother to whitelist.
8:08 am on Mar 4, 2019 (gmt 0)

New User from CA 

joined:Feb 21, 2019
posts: 7
votes: 0


With changes to whois after GDPR ... that might not be so easy.

It hasn't changed recently, not here at least, we have had privacy for a while; most people with some knowledge will run names through a registry, or direct at CIRA and then investigate further; the domain name, if it is taken, will resolve to my site. All one has to do is type in the domain name.

The last time I compiled a list of Canadian IP ranges, it came out to 87k. And that's including the < /24 slivers--/27 here, /29 there--living on other regions' servers, which you would almost certainly never bother to whitelist.


Is there another way; 798 is the output from IP2Location?
5:12 pm on Mar 4, 2019 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member lucy24 is a WebmasterWorld Top Contributor of All Time 5+ Year Member Top Contributors Of The Month

joined:Apr 9, 2011
posts:15494
votes: 744


Is 798k the size after you've done all consolidation? For example
1.2.4.0/24 + 1.2.5.0/24 + 1.2.6.0/24 + 1.2.7.0/24 = 1.2.4.0/22
for a savings of 30 bytes or 75% of original filesize. And for the real space-guzzlers,
1.2.3.4/32 + 1.2.3.5/32 + etcetera = ... 0 (zero)
because anything in slivers that size is a server farm in the first place, and would therefore never be whitelisted.
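Added example, not part of the post above: the consolidation it describes, done with Python's standard `ipaddress` module, followed by dropping ranges narrower than /24 and rendering the result as Apache 2.4 `Require ip` lines. The /24 cut-off, the function names and the 10.0.0.x sample entries are assumptions for illustration; the 1.2.x.x entries are the ones used in the post.

```python
import ipaddress


def consolidate(cidrs, min_prefix=24):
    """Merge adjacent/overlapping IPv4 ranges, then split off slivers.

    Merging happens first, so small ranges that add up to a /24 or
    larger are kept; only what is still narrower than /min_prefix
    after merging is dropped.
    """
    nets = [ipaddress.IPv4Network(c.strip(), strict=False)
            for c in cidrs if c.strip()]
    merged = list(ipaddress.collapse_addresses(nets))
    kept = [n for n in merged if n.prefixlen <= min_prefix]
    dropped = [n for n in merged if n.prefixlen > min_prefix]
    return kept, dropped


def list_bytes(entries):
    """Size of the entries as text, not counting line endings."""
    return sum(len(str(e)) for e in entries)


def as_apache_allow(nets):
    """Render the allow list as Apache 2.4 'Require ip' directives."""
    return "\n".join(f"Require ip {n}" for n in nets)


# Constructed sample input.
SAMPLE = [
    "1.2.4.0/24", "1.2.5.0/24", "1.2.6.0/24", "1.2.7.0/24",  # from the post
    "1.2.3.4/32", "1.2.3.5/32",                              # slivers
    "10.0.0.0/25", "10.0.0.128/25",                          # two halves of a /24
]

if __name__ == "__main__":
    kept, dropped = consolidate(SAMPLE)
    print(as_apache_allow(kept))
    print("dropped slivers:", ", ".join(map(str, dropped)))
    print("bytes before:", list_bytes(SAMPLE), "after:", list_bytes(kept))
```

Run it over the full country export to see how much of the file is unmerged adjacent ranges and how much is slivers.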
5:57 pm on Mar 4, 2019 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member tangor is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Nov 29, 2005
posts:9233
votes: 780


Whitelisting acceptable human UA and desired bots and the other side of the equation has been helped immensely.