One of my online shops uses WooCommerce. I sometimes have highly collectible products listed on the website. The URL where these products would appear is as follows:

/shop/?orderby=date

I constantly have many IP requests per minute to these URLs from what we can only assume are bot accounts.

I have a Sucuri firewall installed to block malicious attacks, but these requests get through.

My daily workflow involves logging into the hosting panel and checking the top IP addresses by requests in the last 15 minutes, then manually adding them to the Sucuri IP blacklist in the access control tab.

Without fail, new IP addresses crop up every day despite my manual bans, sometimes within minutes of clearing offending IP addresses. These IP addresses are always making the same request to /shop/?orderby=date 90 times every 15 minutes.

Other IP addresses are making continuous requests to /?wc-ajax=get_refreshed_fragments, which I assume is trying to check if a certain product is in stock and can be added to a basket. These repetitive requests are being manually dealt with currently; however, this is tedious and never-ending.

Furthermore, occasionally the situation gets so out of control that the entire website is overloaded, causing all sorts of issues like duplicate orders and duplicate payments being taken. This always happens during our peak period of activity leading up to Christmas.

What is the recommended way to handle these bots and scrapers? Currently there is no way in Sucuri, as far as I can see, to set a rule where, for example, if an IP makes X requests per minute to the same URL repeatedly, while not visiting other URLs or otherwise exhibiting normal user behaviour, then automatically ban this IP for X days.

How can I configure this firewall to better protect my website from these automated scripts?
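An added example (not from this thread) of the rule the question describes, applied offline to exported web-server access logs so the resulting IP list can be reviewed and fed into the firewall blacklist: it flags an IP that requests one URL at least 60 times inside any 15-minute window while that URL makes up at least 90% of everything it requests, which separates the bots hammering /shop/?orderby=date from a shopper who also browses other pages. The combined log format, the thresholds and the sample traffic are assumptions.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta, timezone

# Apache/Nginx combined log line: ip - - [time] "METHOD target HTTP/x" status bytes
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})')
TIME_FMT = "%d/%b/%Y:%H:%M:%S %z"

def parse_line(line):
    """Return (ip, timestamp, request target) or None for an unparsable line."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ip, ts, _method, target, _status = m.groups()
    return ip, datetime.strptime(ts, TIME_FMT), target

def find_hammering_ips(lines, window=timedelta(minutes=15), max_hits=60, min_share=0.9):
    """Map ip -> target for IPs that hit one URL >= max_hits times inside any `window`
    and for which that URL is >= min_share of all their requests (browsers are spared)."""
    per_ip = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec:
            per_ip[rec[0]].append((rec[1], rec[2]))
    flagged = {}
    for ip, hits in per_ip.items():
        top_target, top_count = Counter(tg for _, tg in hits).most_common(1)[0]
        if top_count / len(hits) < min_share:
            continue  # also visits other URLs: looks like a normal visitor
        stamps = sorted(t for t, tg in hits if tg == top_target)
        lo = 0  # sliding window over requests to the dominant URL only
        for hi in range(len(stamps)):
            while stamps[hi] - stamps[lo] > window:
                lo += 1
            if hi - lo + 1 >= max_hits:
                flagged[ip] = top_target
                break
    return flagged

def sample_log():
    """Constructed sample traffic (not real logs): two bots, one human browsing."""
    t0 = datetime(2023, 12, 1, 10, 0, 0, tzinfo=timezone.utc)
    def line(ip, secs, target):
        ts = (t0 + timedelta(seconds=secs)).strftime(TIME_FMT)
        return f'{ip} - - [{ts}] "GET {target} HTTP/1.1" 200 512'
    lines = [line("203.0.113.10", s, "/shop/?orderby=date") for s in range(0, 900, 10)]
    lines += [line("203.0.113.11", s, "/?wc-ajax=get_refreshed_fragments") for s in range(0, 900, 5)]
    pages = ["/", "/shop/", "/product/sample/", "/cart/", "/checkout/"]
    lines += [line("198.51.100.7", 60 * i, pages[i % 5]) for i in range(8)]
    return lines
```

A list produced this way still deserves a glance before it is applied, because many users behind one NAT or carrier address can resemble a single heavy client.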
Where is your website hosted?
Seems like a captcha would be helpful for your site. I believe you can set up CloudFlare (or similar) to automatically test suspicious IPs. Might be worth looking into.
You can block them with Cloudflare before they reach your server.
Free Cloudflare might help, but Cloudflare Pro has some “advanced rate limiting” options:
I have not tested the WAF myself yet, though.
I don’t know much about Sucuri, but with WordFence, you can set up rules like you described to throttle or ban poorly behaving bots.
There’s also a simple plugin called BBQ Firewall that will block the most egregious offenders, and requires no configuration at all.
And Cloudflare can help block a lot of them before they even reach your site.
All of the above are free, or at least have a free tier, so you can do some trial and error testing to see what works best in your situation.
What sort of caching are you running? I know Woo isn’t exactly *fast*, but I’d think it should be able to keep up with this…
If you have ModSecurity available you can block these requests fairly easily.