Support » Plugin: Wordfence Security - Firewall & Malware Scan » *.res.rr.com *.res.spectrum.com

  • Resolved rfclifford

    (@rfclifford)


    Wordfence Support:

    For quite some time any user with a hostname ending in: *.res.rr.com OR *.res.spectrum.com is blocked.

    As example, the Live Traffic block shows:

    “Greensboro, North Carolina, United States arrived from https://www.bing.com/ and was blocked for UA/Referrer/IP Range not allowed at https://qubitreport.com/quantum-computing-technology-and-hardware/2020/09/11/microsoft-and-university-of-…
    9/20/2020 1:02:42 PM (2 hours 53 mins ago)
    IP: x.x.x.242 Hostname: x-x-x-x.res.spectrum.com Human/Bot: Bot
    Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.102 Safari/537.36 Edg/85.0.564.51

    Without adding all the IPs to the WL, how do we stop blocking everyone with those hostnames? *.res.rr.com OR *.res.spectrum.com?

    The issue is getting in the way of business.

    PLEASE HELP!

    🙂

    RF Clifford

    The page I need help with: [log in to see the link]

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Support WFAdam

    (@wfadam)

    Hello @rfclifford and thanks for reaching out to us!

    There currently isn’t a way to whitelist a wildcard hostname, as that could be a security risk all in itself. I see that Wordfence is detecting that this is a bot request. You could adjust your Rate Limiting settings in All Options > Firewall Options > Rate Limiting.

    I generally set my Rate Limiting Rules to these values to start with:

    • If anyone’s requests exceed – 240 per minute
    • If a crawler’s page views exceed – 120 per minute
    • If a crawler’s pages not found (404s) exceed – 60 per minute
    • If a human’s page views exceed – 120 per minute
    • If a human’s pages not found (404s) exceed – 60 per minute
    • How long is an IP address blocked when it breaks a rule – 30 minutes

    I also always set the rule to Throttle instead of Block. Throttling is generally better than blocking because any good search engine understands what happened if it is mistakenly blocked and your site isn’t penalized because of it. Make sure and set your Rate Limiting Rules realistically and set the value for how long an IP is blocked to 30 minutes or so.

    Remember there is no hard and fast, one size fits all set of rules for every site. This is just a good place to start. During an attack you may want to make those rules stricter. If you see visitors, like search engine crawlers getting blocked too often, you might want to loosen them up a little.

    Let me know if this helps!

    Thanks!

    Thread Starter rfclifford

    (@rfclifford)

    Made the change from your recommendations.

    For posterity’s sake, my own naked IP is a res.spectrum.com *.res.spectrum.com and I am treated as a bot. So, I have had to WL my IP months ago. Not sure how I could be a bot. Anyhow. Thank you for the reply.

    We’ll see how it goes.

    Plugin Support WFAdam

    (@wfadam)

    That is odd that it’s reading your IP as a bot.

    Can you send a diagnostic report to wftest @ wordfence . com? You can find the link to do so at the top of the Wordfence Tools > Diagnostics page. Then click on “Send Report by Email”. Please add your forum username where indicated and respond here after you have sent it.

    I would just like to review a few things to see what might be causing that.

    Thanks!

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘*.res.rr.com *.res.spectrum.com’ is closed to new replies.