WordPress.org

Ready to get started?Download WordPress

Forums

Botnet Attack Blocker
[resolved] Feature Request - Exceptions by domain name (4 posts)

  1. ghuth
    Member
    Posted 1 year ago #

    Hi

    I'm on a (somewhat) dynamic IP, so I use dyndns.org to make sure the occasional IP address change by my host is not too disruptive.

    Could you have the plugin allow exceptions such as "mydomain.mine.nu" as well as IPs?

    ...Or even perhaps provide some other simple way to allow us to bypass the blocker... perhaps a whitelist text file in the plugin directory?

    Thanks, Glenn

    http://wordpress.org/extend/plugins/botnet-attack-blocker/

  2. cheesefather
    Member
    Plugin Author

    Posted 1 year ago #

    Hi, thanks for the suggestion. Checking hostnames would add a significant overhead to the script. At the moment the idea is to use as few resources as possible so that if it's being hammered multiple times per second it still doesn't put a strain on the server being attacked. Users have reported enormous cpu spikes being nullified by installing this plugin. Adding a DNS lookup for every request would change that.

    Are the IPs you're allocated not on the same subnet? You could use partial matching and input 192.168 in the whitelist for example to match any IPs starting with those triplets - or any partial IP address.

    Thanks.

  3. ghuth
    Member
    Posted 1 year ago #

    I'm using a personal account with a pretty large ISPs, so I suspect whitelisting the subnet may well mean that I whitelist some infected machines.

    It's still a good option for me to fall back on though...

    What were your thoughts re

    some other simple way to allow us to bypass the blocker... perhaps a whitelist text file in the plugin directory

    Other options could be checking for a unique code in the request url... I don't know... just SOMETHING to allow me in if the block starts and my IP has changed from what is in my whitelist.

  4. cheesefather
    Member
    Plugin Author

    Posted 1 year ago #

    I've been toying with the idea of something like that, maybe a link to a login with a CAPTCHA field, I'm just concerned about increasing the overheads on the script. I'll have a think about the best way to implement this.

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic