Dynamic IP Addresses

  • Resolved rhisflow

    (@rhisflow)


    4 years, 3 months ago

    Hi Jeff,

    thank you so much for your amazing work in and for the WP community!

    Quick questions:

    1) If an IP address gets blacklisted, this happens “for good”, right (not only for a few hours or so) ?

    The reason I’m asking this is that after reading the answer to this question about blocking IPs permanently, here’s the gist of it as far as I can see:

    Attackers generally cycle through IPs quickly and tend not to reuse them. Attacking IPs often belong to victims, so you risk blocking real users who want to access your website.

    So my question is: doesn’t this answer directly apply to how black hole bot works?

    Meaning it creates a permanent and growing IP blacklist which are very unlikely to be reused by bots, but likely to be assigned to real users in the future, who would then be blocked?

    2) I’m going to apply and start using your 7G Firewall.

    Would you say that in this case, using the blackhole bot plugin is unnecessary?

    It seems to me that the 7G Firewall already blocks a lot of known bots, but I don’t think it actively creates a growing IP blacklist?

    3) Slightly related:

    It also seems to me that I can safely uninstall Wordfence once 7G is up and running, would you agree?

    The only thing I feel would be missing is the rate limiting or “throttling” functionality of Wordfence, meaning anyone (bot or human) trying to access more than x pages in y minutes either gets a “503 temporarily unavailable” response or gets blocked.

    So would you say that in order to not lose the rate limiting, it’s better to just leave this specific functionality enabled, and disable everything else within WordFence?

    Thank you so much!

    Best,
    Flo

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Author Jeff Starr

    (@specialk)

    Hi Flo,

    Wow great questions! I am glad to help with some infos:

    1) To an extent I agree with all of that. Which is one reason why the plugin provides a link to “Reset Bad Bot Log”. Do that once in awhile and there is no issue with blocking any legit/reassigned IP addresses.

    2) They target different things. 7G is a firewall offering general protection against threats. Blackhole is aimed at disobedient bots that crawl pages looking for exploits. You are correct that 7G blocks a lot of bad bots, but perhaps not as many as Blackhole.

    3) I can’t speak for anything Wordfence, but can tell you that rate-limiting type protection is resource intensive and should only be used/activated when needed. I would not recommend leaving it enabled all the time, unless you are unable to keep an eye on the site.

    I hope this helps, let me know if I can provide any further infos.

    Thread Starter rhisflow

    (@rhisflow)

    Hi Jeff,

    wow, thank you so much for your fast and very helpful answers!

    1) Ok got it, I’ll just hit that “Reset Bad Bot Log” once in a while as you suggested to make sure no reassigned legit IP addresses get blocked.

    2) Ok got it. I noticed that 7G also blockes “amazonaws” Remote host – I was a bit surprised as I wasn’t aware that Amazon’s servers are a problem?
    Also, will that interfere when I have Amazon native ads on my site?

    3) That’s great advice and it may even speed up the sites when disabling rate limiting. So in other words: would you say that with 7G (and maybe even black hole for bots) in place, that there isn’t really a need for rate-limiting protection anymore, anyway?

    Thanks so much!

    Best wishes,
    Flo

    Plugin Author Jeff Starr

    (@specialk)

    Hi Flo:

    2a) “I wasn’t aware that Amazon’s servers are a problem?”

    It’s not amazon, it’s the people that rent them out. Lots of bad actors running all sorts of nefarious scripts on all sorts of servers. Amazon is just one of them that happens to be very cheap and ubiquitous, very attractive and accessible to spammers, etc.

    2b) “will that interfere when I have Amazon native ads on my site?”

    It really depends on how you’ve got things configured. So many variables possible. Best advice is to do some testing to determine proper functionality.

    3) “there isn’t really a need for rate-limiting protection anymore, anyway?”

    That might be a bit too general, I think that a lot of sites benefit from such features. Just have to take it on a case-by-case basis. My own sites are fairly traffic heavy/well known (and frequently attacked), and in 10+ years I’ve never needed to resort to rate limits, etc. Other sites may be bigger targets or have higher visibility whatever, in such cases it may make sense to go always on with such protections. Whatever you do, keep an eye on your site’s log files, they will guide you better regarding such decisions.

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Dynamic IP Addresses’ is closed to new replies.