How to protect your site?

WAF – Web Application Firewall

DDoS – distributed denial-of-service (Cloudflare)

Pros:

  • For any sites

Cons:

  • Freemium

Firewall rules

#User Agent
User Agent - contains - badbot - block
User Agent - contains - Googlebot - allow

#Referer
Websites with suspicious traffic

IP Access Rules

ASN (autonomous system number):

Black list Cloud computing:
Main:
AS15169 GOOGLE
AS8075 MICROSOFT-CORP-MSN-AS-BLOCK
AS14618 AMAZON-AES
AS39832 NO-OPERA

Other:
AS32181 ASN-GIGENET
AS61317 ASDETUK
AS206092 SECFIREWALLAS

Suspicious, may be used by VPNs:
AS14061 DIGITALOCEAN-ASN

Black list TOR:
AS208294 RELAYON
AS212906 MONEROJ-CA
AS62744 QUINTEX
AS60729 ZWIEBELFREUN

White list:

AS16276 OVH
AS328309 Globacom-AS
AS36351 SOFTLAYER
AS29465 VCG-AS
AS396356 MAXIHOST
AS12876 Online SAS
AS9009 M247
AS12989 HWNG
AS63023 AS-GLOBALTELEHOST
AS202422 GHOST
AS57000 LINKIWAY
AS6939 HURRICANE
AS22363 PHMGMT-AS1
AS29256 INT-PDN-STE-AS STE PDN Internal AS
AS26464 JOYENT-INC-
AS4761 INDOSAT-INP-AP INDOSAT Internet Network Provider
AS53667 PONYNET
AS29182 THEFIRST-AS
AS58717 SUMMITCOMMUNICATIONS-BD Summit Communications Ltd
AS23693 TELKOMSEL-ASN-ID PT. Telekomunikasi Selular
AS60068 CDN77 ^_^
AS24940 HETZNER-AS
AS59253 LEASEWEB-APAC-SIN-11 Leaseweb Asia Pacific pte. ltd.
AS30633 LEASEWEB-USA-WDC

IP, IP range, country

IP addresses and countries from which DDoS attacks are coming

PHP (Project SECURITY)

Pros:

  • Protect from SQLi Attacks (SQL Injections), XSS Vulnerabilities, Proxy Visitors, VPN Visitors, TOR Visitors, Spam and many other types of threats.

Cons:

  • Blocks only IPv4

Project SECURITY

Apache HTTP Server (.htaccess)

Pros:

  • Blocks by User-Agent

Cons:

  • Only in Apache HTTP Server

Documentation

Example .htaccess

RewriteEngine On
RewriteBase /


##############################
# Ban on access to the site  #
##############################

############
# Ban bots #
############

# Variables

# By name
SetEnvIfNoCase User-Agent "python" bad_bot
SetEnvIfNoCase User-Agent "curl" bad_bot
SetEnvIfNoCase User-Agent "wget" bad_bot

# Universal rules
SetEnvIfNoCase User-Agent ^$           bad_bot
SetEnvIfNoCase User-Agent .*\@.*       bad_bot
SetEnvIfNoCase User-Agent .*bot.*      bad_bot

# Good bots
SetEnvIfNoCase User-Agent .*google.*  !bad_bot
SetEnvIfNoCase User-Agent .*bingbot.* !bad_bot
SetEnvIfNoCase User-Agent .*yandex.*  !bad_bot

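# Blocking bots and user agents
# The closing tag below and the opening tag under "Ban ip" are commented out,
# so this one <Limit> block runs on to the </Limit> after the IP bans.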
<Limit GET POST HEAD>
order allow,deny
allow from all
Deny from env=bad_bot
#</Limit>

############
# Ban ip   #
############

#<Limit GET POST HEAD>
Deny from 1.2.3.4
Deny from 1.2.3.5
</Limit>

###################
# Allow only 1 ip #
###################

#<Limit GET POST HEAD>
#order deny,allow
#deny from all
#allow from 127.0.0.1
#</Limit>
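
A way to dry-run the User-Agent rules from the .htaccess above before deploying them; this is an added example, not part of the original page, and the sample User-Agent strings are constructed. It models only the behaviour those rules rely on: SetEnvIfNoCase rules are applied in file order with a case-insensitive, unanchored regex match, and `!bad_bot` removes the variable again.

```python
import re

# The page's SetEnvIfNoCase rules in file order: (regex, action).
# "bad_bot" sets the variable, "!bad_bot" removes it again.
RULES = [
    (r"python", "bad_bot"),
    (r"curl", "bad_bot"),
    (r"wget", "bad_bot"),
    (r"^$", "bad_bot"),
    (r".*\@.*", "bad_bot"),
    (r".*bot.*", "bad_bot"),
    (r".*google.*", "!bad_bot"),
    (r".*bingbot.*", "!bad_bot"),
    (r".*yandex.*", "!bad_bot"),
]

def is_blocked(user_agent, rules=RULES):
    """Model 'Deny from env=bad_bot': apply every rule in order, then test the variable."""
    env = set()
    for pattern, action in rules:
        # SetEnvIfNoCase: case-insensitive, unanchored regex match.
        if re.search(pattern, user_agent, re.IGNORECASE):
            if action.startswith("!"):
                env.discard(action[1:])
            else:
                env.add(action)
    return "bad_bot" in env

def audit(samples, rules=RULES):
    """Return {label: blocked?} for a dict of label -> User-Agent string."""
    return {label: is_blocked(ua, rules) for label, ua in samples.items()}

# Constructed sample User-Agent strings (not taken from real logs).
SAMPLES = {
    "desktop browser": "Mozilla/5.0 (X11; Linux x86_64) Gecko/20100101 Firefox/125.0",
    "empty header": "",
    "script client": "python-requests/2.31.0",
    "search crawler": "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)",
    "other crawler": "ExampleBot/1.0 (+http://crawler.example/info)",
    "phone with 'bot' in model": "Mozilla/5.0 (Linux; Android 12; CUBOT_P50) Mobile Safari/537.36",
}

if __name__ == "__main__":
    for label, blocked in audit(SAMPLES).items():
        print(f"{'BLOCK' if blocked else 'allow':5}  {label}")
```

The last sample shows the cost of the broad `.*bot.*` pattern: an ordinary browser whose device model contains "bot" is denied. Running the audit over User-Agent strings from your own access log shows which legitimate clients the patterns would block.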

reCAPTCHA

hCaptcha

Google reCAPTCHA

Also

Check visitor IP

iphunter


