Support » Plugin: iThemes Security (formerly Better WP Security) » How can I completely block http://site.ru Referrer please?

  • I am getting several 404 errors from a referrer site http://site.ru on a daily basis mostly trying to reach WP files such as /wp-content/plugins/wp-setting-dist.php – but it using a large range of IP addresses and hence difficult to ban completely. Is there some some other method I can use perhaps to block the URL?
    Thanks in advance

Viewing 14 replies - 1 through 14 (of 14 total)
  • CehWeb

    (@cabreroehijos)

    I am getting the same issue. I hope that we can receive support for this problem, because I am receiving daily a lot of 404 errors since a few weeks. Thanks and greetings.

    +1

    How can we block a referrer?

    I have the same problem.
    Can anyone help please?

    I have the same issue

    You’ll have to add a rule to your .htaccess file. Here’s a link that describes how:

    https://blog.paranoidpenguin.net/2017/12/malicious-bots-sending-site-ru-as-the-http-referer/

    webformation

    (@webformation)

    Ah thanks so much!!

    Q: How can I completely block http://site.ru Referrer please?

    A: Say goodbye to iThemes Security, and switch to Wordfence. Blocking a referrer is a built in feature, and it has many more.

    I had to give up on iThemes Security. It was creating inexplicable errors and there’s no support for the free version.

    I’ve been using Wordfence for a few weeks now and it’s fantastic. I have site.ru block. The other missing feature in iThemes Security is blocking attempts to access known vulnerabilities such as php files or plugins. iThemes Security will only report these as 404 errors. Wordfence lets you name these files, and block those IPs from further access.

    nlpro

    (@nlpro)

    I prefer this:

    <IfModule mod_rewrite.c>
      RewriteEngine On
      RewriteCond %{HTTP_REFERER} site\.ru [NC]
      RewriteRule ^(.*)$ - [F]  
    </IfModule>
    Eskymo

    (@eskymo)

    So which is best?

    <IfModule mod_rewrite.c>
    RewriteCond %{HTTP_REFERER} site\.ru [NC]
    RewriteRule ^(.*)$ – [L,R=403]
    </IfModule>

    or

    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteCond %{HTTP_REFERER} site\.ru [NC]
    RewriteRule ^(.*)$ – [F]
    </IfModule>

    what’s the benefit of adding:

    RewriteEngine On

    I’m getting pages and pages of requests from site.ru and I’m fed up of trawling through them and having to delete them. so would like to add something to my htaccess file this week to just block site.ru completely, but I’m not expert on htacces code.

    lechon

    (@lechon)

    This is what I use and it worked for me:

    # Ban Malicious Bots From site.ru
    <IfModule mod_rewrite.c>
    RewriteCond %{HTTP_REFERER} site\.ru [NC]
    RewriteRule ^(.*)$ – [L,R=403]
    </IfModule>

    Dunno if I found something that no-one else could find, but –

    ithemes settings>>Banned users>> added site.ru into the ‘Ban User Agents’ section.

    I too have been noticing these site.ru referrals, so we’ll see how it goes with that added into the banned user agents.

    That will add the following entry to the .htaccess file as can be seen in Settings > Advanced (link) > Show Details (button) of the Server Config Rules module:

    # Ban User Agents – Security > Settings > Banned Users
    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteCond %{HTTP_USER_AGENT} ^site\.ru [NC]
    RewriteRule ^.* – [F]
    </IfModule>

    Notice the HTTP_USER_AGENT string in bold which should be HTTP_REFERER … So in this form it’s not going to do what you aimed for. However if you manually replace HTTP_USER_AGENT with HTTP_REFERER it’s ok. Do realize when making use of the Ban User Agents feature to generate these lines they may be regenerated by the iTSec plugin at any moment which will undo any customization applied.

    You better add all of these lines manually to the .htaccess file as suggested earlier in this topic.

    The above is just my opinion and not iThemes.

    Yes you’re right – just got a few more site.ru instances

    I’ll add your code

    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteCond %{HTTP_REFERER} site\.ru [NC]
    RewriteRule ^(.*)$ – [F]
    </IfModule>

    …and see how it goes.

    Just checked this morning and it’s been over a day now since any referrers came from site.ru, so I’m guessing that the above code in htaccess solved it.

    Thanks @nipro we owe you one!

Viewing 14 replies - 1 through 14 (of 14 total)
  • You must be logged in to reply to this topic.