Very High & High Risk Ips and Host Not Blocked

Hello @angie101 and thanks for reaching out to us!

Could you show me some of your Live Traffic details where these IPs are connecting to your site?

I checked the 3 IPs you provided in your thread. None of them have been marked as malicious. As long as your firewall is optimized and you are maintaining strong secure passwords, you are protected and shouldn’t have to worry about hunting these bots down.

Bot traffic is completely normal but you can set tighter Rate Limiting restrictions if you want to shut the bots down. Navigate to Wordfence > All Options > Rate Limiting to change those settings.

https://www.wordfence.com/help/firewall/rate-limiting/ is from our docs and can help you set those rules.

If you have any questions at all, I would love to help!

Thanks!

Hi Adam,

Thank you for replying.

When you say these ips are not marked s malicious, where did you look them up?

For example on https://scamalytics.com/ip/73.193.110.185

I get this warning:

IP address 73.193.110.185 is a very high fraud risk. This IP address is owned by Comcast Cable Communications who are themselves a low risk ISP. Scamalytics see low levels of traffic from this IP address across our global network, almost all of which is fraudulent. We apply a risk score of 100/100 to 73.193.110.185, meaning that of the web traffic where we have visibility, 100% is suspected to be fraudulent. If you see web traffic from this IP address there is potentially a very high risk that it is criminals engaged in fraudulent activity

Also, yes “Bot traffic is completely normal” you want Google and other search engines of course and stat bots and such.

But these are not the ones I am talking about.

Wordfence has done a great job blocking hackers, touch wood, as my site has not been hacked since I installed it.

However, I am talking bot that scrape your site for images

Take a look at these highly toxic backlinks I acquired thanks to bots that plastered identical images from my sites on their mirror pages:

https://christian-pace-1770.web.app/

https://elizabeth-gregg-9472.firebaseapp.com/

https://anne-garza-n8978.firebaseapp.com/

THIS is the stuff I am looking to prevent, Bots that are up to NO good

• This reply was modified 4 years ago by Angie101.
• This reply was modified 4 years ago by Angie101.

The firewall will block IPs based on their known reports of Brute Force attacks. As for spammer bots, you might be best tightening up your Rate Limiting settings.

Can you screenshot your Wordfence > All Options > Rate Limiting for me?

We can see what we could change to prevent these bots.

Thanks!

Thank you, Adam.

I took a screenshot, but I don’t see the option here to upload an image

So it’s copy/paste

If anyone’s requests exceed 120 per minute then throttle it
If a crawler’s page views exceed 240 per minute then throttle it
If a crawler’s pages not found (404s) exceed 60 per minute then throttle it
If a human’s page views exceed 240 per minute then throttle it
If a human’s pages not found (404s) exceed 60 per minute then throttle it
How long is an IP address blocked when it breaks a rule 1 month

Thanks

Those seem like pretty secure Rate Limiting rules. You could test by switching the throttle to block for crawlers.

Throttling is generally better than blocking because any good search engine understands what happened if it is mistakenly blocked and your site isn’t penalized because of it.

You can also add IP blocks manually if you would like to.

Let me know if this was helpful!

Thanks!