How to stop malicious crawlers?

Collapse
This topic has been answered.
X
X
Collapse
 
  • Page of 1
  • Time
  • Show
Clear All
new posts
Previous template Next
  • alevchenko
    replied
    Thanks for the feedback!

    I'd like to inform you that our dev indeed has long-term plans for implementing the HTTP DDoS & enumeration attack defence in Imunify360 but for now we either have news for this feature nor ETA.

    I believe it will be definitely announced on our blog https://blog.imunify360.com/

      Leave a comment:

    • glenn
      replied
      Thanks Alevchenko. I will use.

      On a side note, it would be nice if Imunify had some intelligence built-in to detect these types of subnet attacks. I only notice them when it impacts server performance and many such attacks get through.

        Leave a comment:

      • alevchenko
        replied
        If I understand you correctly and you wish to block all addresses that belong to the subnet "47.128.*.*" which is mentioned in your initial request, you can use "47.128.0.0/16" if you are blacklisting in the UI and the following command if you wish to do it via the CLI:
        HTML Code:
        imunify360-agent ip-list local add --purpose drop 47.128.0.0/16 --comment "block crawlers"
        Refer to https://en.wikipedia.org/wiki/Classl...v4_CIDR_blocks for corrections.
        Last edited by alevchenko; 05-17-2024, 05:27 PM.

          Leave a comment:

        • glenn
          replied
          How do I express the IP in the IP field? Like this: 47.128.*.* ?

          Thanks

            Leave a comment:

          • alevchenko
            replied
            Hi G,

            Imunify360 can protect from attacks coming repetitively from the same IP address. Attacks from various IPs (and activity like DDoS) are not currently identified by Imunify, unfortunately. (See for reference https://cloudlinux.zendesk.com/hc/en...ith-Imunify360)

            As an option, you can add the whole subnet for addresses 47.128.*.* to the Black List: https://docs.imunify360.com/dashboar...dd-ip-manually

            For crawler blocking, you can use a custom rule for blocking one: https://cloudlinux.zendesk.com/hc/en...ng-custom-rule
              • Selected Answer

              Leave a comment:

            • glenn
              started a topic How to stop malicious crawlers?

              How to stop malicious crawlers?

              I've seen crawlers come through using a different IP for a different session, i.e. 47.128.*.*

              How can I add this to the blacklist, and is there a way to get Imunify to better identify when someone is using 100s of IPs to get around the firewall and automatically block it? Imunify does not seem to pick up on this kind of attack.

              Thanks
              G
              Tags: None
              Previous template Next
              Working...

              We process personal data about users of our site, through the use of cookies and other technologies, to deliver our services, personalize advertising, and to analyze site activity. We may share certain information about our users with our advertising and analytics partners. For additional details, refer to our Privacy Policy.

              By clicking "I AGREE" below, you agree to our Privacy Policy and our personal data processing and cookie practices as described therein. You also acknowledge that this forum may be hosted outside your country and you consent to the collection, storage, and processing of your data in the country where this forum is hosted.

              I Agree