User enumeration scan

  • Resolved Irene

    (@arlinaite)


    3 years, 9 months ago

    Hi,

    1) I found that this IP 66.249.64.174 found in Ninja Logs:

    16/Feb/21 12:55:21 #3422525 HIGH - 66.249.64.174 GET /index.php - User enumeration scan (author archives) - [author_name=xxxxx] - xxxxxx.com

    Is a Google bot IP according to Cloudflare filtering.
    I saw other IPS that seems Googlebot too but but I didn’t check them all.

    Isn’t this a strange behavior for Googlebot?

    2) Is there a way to restrict the traffic to my origin server from only Cloudflare and Ezoic, that don’t needed to be done from server level?

    Thanks in advance

    The page I need help with: [log in to see the link]

Viewing 4 replies - 1 through 4 (of 4 total)
  • Plugin Author nintechnet

    (@nintechnet)

    Google sometimes tries to index the author archives. That’s not unusual and also that’s the reason why the firewall doesn’t block the access, but instead redirects to the index page (Google wouldn’t like the 403 Forbidden message).

    Is this your own server, i.e., do you have root access? If you do, I recommend to restrict the traffic at the kernel firewall level for this purpose. Otherwise, at the .htaccess or with NinjaFirewall’s .htninja script.

    Thread Starter Irene

    (@arlinaite)

    “the firewall doesn’t block the access, but instead redirects to the index page (Google wouldn’t like the 403 Forbidden message).”

    I have the following issue, good bots are following referral spam links that request directly the WP internal search. They get an empty result page. I am blocking them now, but I assume by your answer this is not a good policy. What should be the correct status code to show to them?

    It’s my own server managed by Cloudways, they told me that they could restrict to Cloudflare but it will block Ezoic, which is weird to me because I am integrated with Ezoic inside Cloudflare.

    I am planning to do this with ninja.

    Is there a way to block by AS number?
    Or I have to use:

    // Blacklist all IPs from 1.1.1.1 to 1.1.1.255:
// if ( preg_match( '/^1\.1\.1\.\d+$/', $_SERVER["REMOTE_ADDR"] ) ) {
// 	return 'BLOCK'; // blacklist
// }

    Thanks for all your valuable help

    Plugin Author nintechnet

    (@nintechnet)

    Maybe you could try “410 Gone”, which means the page is no longer available?

    AS number whitelist and blacklist are only available in the WP+ Edition. In the WP Edition, you could need to use the .htninja to block IP ranges but not ASN.

    Thread Starter Irene

    (@arlinaite)

    Thanks for your answer.

    AS number whitelist and blacklist are only available in the WP+ Edition

    Excellent!!

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘User enumeration scan’ is closed to new replies.