Over 2K hits on blog from AliBaba

  • Resolved SueBah

    (@suebah)


    7 months ago

    Hello, I maintain a blog as a writing platform for my work, I do not sell anything. But in the past two weeks, my site shows 2400 hits from AliBaba – basically, every post of my blog.

    Should I be concerned about content theft? Should I be concerned at all? I am also wondering if blocking ISP will be covered with the free version of WordFence. Again, I do not earn money via this site so do not want to spend a lot to sort this out. Any help will be appreciated so much.

    The page I need help with: [log in to see the link]

Viewing 4 replies - 1 through 4 (of 4 total)
  • Plugin Support wfmargaret

    (@wfmargaret)

    Hi @suebah,

    If you want to throttle these visits, you can consider our rate limiting: https://www.wordfence.com/help/firewall/rate-limiting/.? If you’re seeing the traffic in Live Traffic, you can block it there.? You can view additional blocking options at https://www.wordfence.com/help/blocking/.? That said, there is typically no need to block the traffic unless it is malicious.

    I hope this helps!

    Margaret

    Thread Starter SueBah

    (@suebah)

    This does help Margaret, thank you – I also really struggle to understand the point though? I get the concept of bot “attention” but this DID seem so intense. I appreciate your time very much!

    Hi @suebah,

    We experienced a similar attack from Alibaba (Hangzhou, China) not too long ago. Our research revealed they use their resources to identify site vulnerabilities, datamine them, and sell information (example).

    Based on the above, we blocked the following ASNs using two separate Cloudflare WAF rules:

    AS45102 (Alibaba, Hangzhou, China)
    AS24429 (Alibaba Cloud HK, Hangzhou, China)

    So far, no issues. Meaning, no customers have reported issues accessing our site. If any issues reported, we’ll fine-tune our WAF rules.

    On another note, we tried to block the above ASNs using Wordfence but, unfortunately, it does not offer that option.

    In any case, best to block Alibaba (or other bots and bad actors) at the edge (i.e., via CDN) rather than letting them hit your site directly.

    Hope this helps a bit.

    Cheers!

    Thread Starter SueBah

    (@suebah)

    Hey @generosus appreciate this wisdom SO much. I ended up blocking the ISPs via my Bluehost IP whitelisting capabilities but do you think that will be enough? I am not super techy so just asking your opinion ?? I myself can access the site with no issues (as can friends!) but my stats are lower than they have ever been since the attack which does not comfort me …

    • This reply was modified 6 months, 4 weeks ago by SueBah.
Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘Over 2K hits on blog from AliBaba’ is closed to new replies.