• Resolved sybydesign

    (@sybydesign)


    I use your filters in our store, and for customers they work great. However, they seem to be a magnet for attacks. We have dealt with many attacks over the past year where something or someone is sending URLs with the filter properties. Each time I change stuff to thwart the attack, the attackers become more sophisticated – always around the way you do the filtering. They just keep hammering the filters because they take so much CPU and DB calls. Obviously it is more complex than I am willing to write here, but is there any way to hide the filters from the URL? A way to use the filters on the page without making it so a GET or POST will trigger the filters? So a person can click them, but a bot cannot?

    I did search your pro documentation as you stated for a previous topic, but could not find anything.


Viewing 8 replies - 1 through 8 (of 8 total)
  • Plugin Support fesupportteam

    (@fesupportteam)

    Hi @sybydesign

    There are plans to remove the links from the filter terms, and it is currently in development.

    However, even with that, due to the recent evolution of AI, it will most likely still find a way to use JavaScript to generate the filter links and run on them. This is not an issue with the filters alone, it has become more of a global problem. Even on some of our own sites, without filters, we get massive hits from bots, crawlers, scrapers, and so on, which can cause issues. This is why we had to configure CDN protection and other measures.

    That said, a new mode to remove links from filter terms is in development, but whether it will significantly reduce this issue is uncertain.

    Best Regards,
    Victor

    Thread Starter sybydesign

    (@sybydesign)

    Thank you very much for the response. I’m glad you are looking at the issues with bots.

    Again, is there any way to hide the filters from the URL? Is there a way to take the filter info out of the URL?

    Plugin Support fesupportteam

    (@fesupportteam)

    Hi @sybydesign

    Unfortunately, there is no option to remove it from the URL. Without the filters in the URL, the filters would be broken, and going to the next page would reset all of the filters. The filters in the URL are a required part of the filtering functionality.

    What we are currently working on is removing the links from the filter terms, meaning there will be no links for each filter term in the HTML, but not removing the filters from the URL parameters while using the filters.

    Best Regards,
    Victor

    Thread Starter sybydesign

    (@sybydesign)

    Thank you for the responses. Also the further feedback about IPs and such. Yet, the attacks are much more sophisticated than that.

    Anyway, please let us know when you have a solution. While I really like the function of the plugin, the bots do too. The risk is too high, so I am discontinuing use of the plugin until you have solved the issues. Thanks for the good function while it lasted.

    Plugin Support fesupportteam

    (@fesupportteam)

    Hi @sybydesign

    The first updates should come from version 1.9.3 and are most likely further polished. There is no date yet for the release of 1.9.3, as it has only just started. The rest depends on the server’s protection against bots and how it handles such types of bots, including Cloudflare Bot Management and other solutions.

    Best Regards,
    Victor

    Hello @fesupportteam and @sybydesign

    I am writing here to enlighten and to give my 5 cents on the issue, as I have had the same problem.

    I have had a similar experience with attacks/bots/crawlers. I have been trying to figure out what the issue has been for a long time. I suspected early, by the URL request, that it might have had something to do with the filter. Long story short, it was.

    My CPU was constantly at 100% and the server had a hard time coping with all the incoming hits on the various different URL filter searches. The bots/crawlers tried every combination that the filter had as options. The more filter options you had, the longer the URL. The bot/crawler kept calling them over and over.

    Here is an example of two of the URLs:

    “and/or” is the key here, it tries everything. Every combination of category, subcategory and brand.

    • /butikk/k-fiber-special-care-or-hest-or-hover-tilskudd/me-trm/
    • /butikk/k-diverse-and-elektrolytter-and-fiber-special-care-and-luftveier-and-pelspleie-and-strigleutstyr-and-tilskudd/

    My first solution was to deactivate Filter Everything – waited a few days and checked back on the server. Problem still existed because the server now had to handle the 404.

    My second solution was to block all the IPs at the server level. That’s a process worth nothing in the long run. New IPs pop up with small adjustments at the end of the IP.

    Here is an overview over 404 status codes the last 24h:

    Status Code: 404
    Request Count: 102256

    That’s quite many hits on 404. Not every hit is related to the filter, but 99% is.

    To fight off the incoming requests I added a rewrite rule in the .htaccess:

    There are more rules, but I exclusively just pasted the one for this topic. The rule is placed as high as possible in .htaccess.

    <IfModule mod_rewrite.c>
    RewriteEngine On

    RewriteRule ^butikk/k- - [R=404,L]
    </IfModule>

    This stops every URL request that has “butikk/k-” before it hits WordPress, thus keeping the CPU idle for actual work. Yes, it also stops real users from using the exact filter. This must be adjusted over time to make sure it doesn’t affect real users.

    My CPU is now down at 14%.

    Hope this insight helps.
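Added example, not part of the post above and not code from the plugin: a log check for tuning a rule like the one posted, which counts how many filter terms each `/butikk/k-` request chains with `-and-`/`-or-` and groups clients by /24, since the post notes that new IPs differ only at the end of the address. The log lines are constructed; the combined log format, IPv4 clients, the `max_terms` limit and the assumption that no term slug itself contains `-and-` or `-or-` are all assumptions of this sketch.

```python
import re
from collections import defaultdict
from ipaddress import ip_network

# Constructed sample lines (Apache combined log format, documentation IP ranges).
SAMPLE_LOG = """\
203.0.113.10 - - [01/Mar/2026:10:00:01 +0000] "GET /butikk/k-fiber-special-care-or-hest-or-hover-tilskudd/me-trm/ HTTP/1.1" 404 512 "-" "bot"
203.0.113.11 - - [01/Mar/2026:10:00:02 +0000] "GET /butikk/k-diverse-and-elektrolytter-and-fiber-special-care-and-luftveier-and-pelspleie-and-strigleutstyr-and-tilskudd/ HTTP/1.1" 404 512 "-" "bot"
203.0.113.12 - - [01/Mar/2026:10:00:03 +0000] "GET /butikk/k-hest-or-tilskudd/ HTTP/1.1" 404 512 "-" "bot"
198.51.100.7 - - [01/Mar/2026:10:00:04 +0000] "GET /butikk/k-hest/ HTTP/1.1" 200 9000 "-" "browser"
198.51.100.7 - - [01/Mar/2026:10:00:05 +0000] "GET /butikk/ HTTP/1.1" 200 9000 "-" "browser"
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) (\S+) [^"]*" (\d{3}) ')
FILTER_RE = re.compile(r'^/butikk/k-([^/?]+)')   # first filter segment after the prefix
JOIN_RE = re.compile(r'-(?:and|or)-')            # separator between combined terms


def term_count(path):
    """Number of terms combined in the filter segment; 0 if not a filter URL."""
    m = FILTER_RE.match(path)
    if not m:
        return 0
    return len(JOIN_RE.split(m.group(1)))


def summarize(log_text, max_terms=2):
    """Per /24 network: filter hits, and hits chaining more than max_terms terms."""
    per_net = defaultdict(lambda: {"hits": 0, "over": 0})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the assumed format
        ip, path, _status = m.groups()
        n = term_count(path)
        if n == 0:
            continue  # not a filter request
        net = str(ip_network(f"{ip}/24", strict=False))
        per_net[net]["hits"] += 1
        if n > max_terms:
            per_net[net]["over"] += 1
    return dict(per_net)


if __name__ == "__main__":
    for net, stats in sorted(summarize(SAMPLE_LOG).items()):
        print(net, stats)
```

Networks where most filter hits exceed the limit are the ones a rule narrower than the whole `butikk/k-` prefix would need to catch, while single-term requests like the last network's would stay usable.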

    Thread Starter sybydesign

    (@sybydesign)

    Good feedback. In July 2025 I wrote some code to block things which worked until October when they improved their attack. I wrote more code and that worked until December. I wrote more sophisticated code and that worked until March 2026. I wrote even more, and thwarted the attack, but this time it was quite sophisticated. It is not worth the hassle of playing whack-a-mole every few months, and I don’t know that my coding skills will be able to keep up anyway. I have now changed the pages so they do not have the filters. Sad to see it go – especially because it is a casualty of evil. Maybe you can write me a virus that will redirect the Russian missiles to the source of the attacker. (Joke)

    Plugin Support fesupportteam

    (@fesupportteam)

    That’s an unfortunate truth, fighting bots and crawlers is becoming harder and harder, especially when doing it on your own. This is why you may see Cloudflare protection on almost every site. These types of attacks are only becoming more aggressive, and many sites that didn’t use Cloudflare half a year ago are now using it, or similar services that provide bot protection.

    Best Regards,
    Victor
