What’s The Worst That Could Happen If I Tried To Block Everything From AWS?

  • Resolved tommcgee

    (@tommcgee)


    A huge amount of blocked traffic is coming from Amazon AWS servers. Are there legitimate humans who would be visiting my site from an AWS IP address? What would happen if I blocked them all?

  • The worst that could happen is you’d probably just reduce the amount of your paid-for bandwidth those danged bots are using. Might be worth experimenting. Turn it all off for a few days and see what happens? Good idea. I might try it myself. Actual nuts-and-bolts of doing it, however, appears to be tricky, though could it be done in Wordfence by simply blocking the hostname, with a wild card? MTN

    @tommcgee I have blocked all Amazon EC2s and the worst I have seen is the DuckDuckGo search engine dropping me, because their bots use EC2; however, I have reduced a lot of useless bots and saved money on the cost of bandwidth on my server.

    AWS we use ourselves for hosting images, and blocking EC2 servers had no effect on that side, this is good.

    @mountainguy2
    I used a custom pattern, hostname type, with this:
    *.compute-1.amazonaws.com
    and
    *.compute.amazonaws.com

    Both have blocked several thousand hits from Amazon.

    Thanks for the tested custom pattern, useful. It would be nice to do this at higher level on server, using IP ranges… but Wordfence does have a nice UI for this sort of thing, and stopping those bots from crawling most certainly frees up bandwidth. My constant concern is that danged extensive block screen that Wordfence loads/displays, I can’t figure out why they don’t have an easy way for us to customize that to a three word message with no links or any other monkey business. MTN

    Weird to think that Amazon is making huge money off AWS, while we battle it. What a jungle.

    @mountainguy2 we had the biggest issues from the free Amazon servers. The hackers or bots would be set up on a free 750-hour server and go mad trawling websites, then when you complain to Amazon they shut it down, but the hackers use another free server and so on, so we figured it was just easier to block all of Amazon ECs and EC1 and EC2 instances.

    Aha, thanks for the clarification. Offering free tools for criminals, typical naive internet culture we’ve been subjected to for decades now… MTN

    I’m pretty sure this could be done in .htaccess along with whitelisting Duck Duck, might be more resource intensive than doing it with Wordfence, but I don’t like the idea of blocking search engines, especially Duck, which I really like. MTN

    Blocking Duck is just a side effect, it really does stem all the bigger issues. I cannot see a way of whitelisting Duck because IPs change frequently, so drilling down to the actual IP might create more issues than it solves.

    Hi @tommcgee,

    There should be no impact with using Wordfence while blocking AWS IPs; however, if you need to leverage any services from other providers in the future, you will want to reassess this block and its potential impact on external services.

    Let us know if you have any further questions!

    This is great, thanks everyone. I’m applying MountainGuy2’s scruffy1’s patterns now. One site showed 8,650 blocks just in the last week, we’ll see what it catches between now and the next report.

    wfchar, on one of our business sites we have a legitimate AWS box picking up a feed from it. So that’s a case where we’d need to figure out some kind of exception.

    Hey @mountainguy2 looks like you got the thanks for this one lol

    My bad. I’ll fix it…

    lol

    Hey @mountainguy2

    With my idea of blocking all Amazon instances, any idea on a workaround for this one, the search engine you like? I am stumped, because I get the feeling this might be a shared IP for EC instances. If I could figure it out I would like to exclude this one from my Amazon blocking.

    blocked for UA/Referrer/IP Range not allowed at https://www.xenaknits/
    28/06/2018 15:01:18 (41 minutes ago)
    IP: 54.208.102.37 Hostname: ec2-54-208-102-37.compute-1.amazonaws.com
    Human/Bot: Bot
    Browser: undefined
    Mozilla/5.0 (compatible; DuckDuckGo-Favicons-Bot/1.0; +http://duckduckgo.com)

    wfchar, on one of our business sites we have a legitimate AWS box picking up a feed from it. So that’s a case where we’d need to figure out some kind of exception.

    If you own that particular AWS box, you can request an elastic IP address to ensure that you have a static endpoint, even if your instance is relaunched.
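
    The server-level approach raised in the thread (block EC2 by IP range, with an exception for one known static address), sketched as an added example that is not part of any poster's reply or of Wordfence itself. It assumes Apache 2.4 authorization directives and input in the shape of AWS's published ip-ranges.json; the prefixes below are constructed from documentation-reserved networks and the allowlisted Elastic IP is hypothetical.

```python
import ipaddress
import json

# Constructed sample in the shape of AWS's ip-ranges.json
# (documentation-reserved networks, not real AWS prefixes).
SAMPLE_RANGES = json.loads("""
{"prefixes": [
  {"ip_prefix": "198.51.100.0/25",   "region": "us-east-1", "service": "EC2"},
  {"ip_prefix": "198.51.100.128/25", "region": "us-east-1", "service": "EC2"},
  {"ip_prefix": "203.0.113.0/24",    "region": "us-west-2", "service": "EC2"},
  {"ip_prefix": "192.0.2.0/24",      "region": "us-east-1", "service": "S3"}
]}
""")

# Hypothetical Elastic IP of the AWS box that legitimately fetches the feed.
ALLOWED_IPS = ["203.0.113.10"]


def ec2_networks(ranges):
    """Return only the EC2 prefixes, merged into the fewest CIDR blocks."""
    nets = [ipaddress.ip_network(p["ip_prefix"])
            for p in ranges["prefixes"] if p["service"] == "EC2"]
    return list(ipaddress.collapse_addresses(nets))


def is_blocked(ip, blocked, allowed=ALLOWED_IPS):
    """Allowlist wins; otherwise block anything inside an EC2 prefix."""
    addr = ipaddress.ip_address(ip)
    if addr in {ipaddress.ip_address(a) for a in allowed}:
        return False
    return any(addr in net for net in blocked)


def apache_rules(blocked, allowed=ALLOWED_IPS):
    """Render Apache 2.4 authorization rules with the same precedence."""
    lines = ["<RequireAny>"]
    lines += [f"    Require ip {a}" for a in allowed]
    lines += ["    <RequireAll>", "        Require all granted"]
    lines += [f"        Require not ip {n}" for n in blocked]
    lines += ["    </RequireAll>", "</RequireAny>"]
    return "\n".join(lines)


if __name__ == "__main__":
    nets = ec2_networks(SAMPLE_RANGES)
    print(apache_rules(nets))
    for ip in ("203.0.113.10", "203.0.113.11", "192.0.2.5"):
        print(ip, "blocked" if is_blocked(ip, nets) else "allowed")
```

    Filtering on the EC2 service entries leaves other AWS services such as S3 reachable, and the allowlist is evaluated first so a single static address inside a blocked range still gets through.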
