I run a couple of servers with approx 260+ wordpress sites varying from shops to personal blogs. Through all the traffic generated, roughly 60% of that is bot traffic, even when high secure things are turned on through litespeed, cloudflare and imunify360; its still not stopping the majority.
https://github.com/White-Raven/honeypot_wp-login.php
So i think to myself, lets screw up that network of bots which is driven by crackers who run through such lists; and yank up their data traffic significant enough to raise flags at the owners of the websites who are hacked. I think this is the only answer to a ongoing problem where such botnets with their bruteforces do slow down stuff, consume resources and force us owners to seek to paid options to secure our stuff.
Genuine traffic has no business in login into wordpress pages – let alone if there's a wordpress site. I deployed above to rougly 15 national and international sites, and i already see hits appearing.
You said you have cloudflare so I assume you have bot and data scraper protections but what about geo blocking? I noticed blocking traffic from Russia, China, Africa, Tor, etc gets rid of 99% of bots.
Your [`fooyoubots.php`](https://github.com/White-Raven/honeypot_wp-login.php/blob/main/hp/fooyoubots.php) that redirects to Hetzner can be considered a DoS for which you will be held liable. You can’t just redirect bot traffic (the traffic you’re complaining about) to someone else and expect there to not be consequences:
//As of now, I did it so it would make less well-coded bots download a 10GIGABYTE file, just to try if I can crash them or at least make them chug.
//Perk of redirecting to this file instead of an external page directly: you don’t have to allow external sources in your Content-Security-Policy: form-action ‘self’; header.
//If you want it to just loop back directly to the honeypot, then you should just modify the header(“Location: $rootlink/hp/fooyoubots.php”);
//to header(“Location: $rootlink/wp-login.php”); and header(“Location: $rootlink/wp-login.php?action=lostpassword”);
$url=’https://speed.hetzner.de/10GB.bin’;
echo ‘<META HTTP-EQUIV=REFRESH CONTENT=”1; ‘.$url.'”>’;
There are also some legitimate bots that are considered perfectly legal, that would fall victim to your redirect. Intentionally trying to crash their systems can also land you in trouble.