• My web site has been under attack for several weeks, and Wordfence failed to detect it. A botnet has been somehow crawling every add-to-cart button on my website multiple times per day without ever crawling the pages those buttons are on.

    Each bot came from a different IP address. Each one created a shopping cart, but none ever completed a purchase. This activity strained my host’s resources and caused connection problems for me and my visitors.

    When I finally recognized the attack as a botnet, I reconfigured my .htaccess file to feed it 403 errors. But I’m still upset that this went on for several weeks without Wordfence detecting it.

Viewing 1 replies (of 1 total)
  • Plugin Support wfpeter

    (@wfpeter)

    Hi @mesmer7, sorry to see you’ve had trouble with an attack.

    As it sounds like different IPs were being used, Rate Limiting may not have triggered unless the attacks from a single source were heavy enough to exceed your limits. We also use multiple sources for identifying “bad” IPs even if they only hit once, but if they (or their ranges) weren’t widely reported as malicious yet, they could have been operating more freely at that time.

    Effective website security (just like the security of anything else) is about leveraging the defense-in-depth principle. Wordfence works on sites running WooCommerce and has various plugin features to complement it. However, add-to-cart, taking orders, and payment gateways are more specific to e-commerce platforms rather than WordPress itself. There are add-ons for WooCommerce I’ve seen such as “Anti-Fraud for WooCommerce” that have advanced blocking features and CAPTCHA for stopping bots completing many of the transaction-related functions. There are likely other free and paid add-ons to do this, and we aren’t affiliated with (or recommend) any in particular.

    Many thanks,
    Peter.
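
Added example, not part of the original thread and not Wordfence or WooCommerce code: a small access-log check for the pattern described above, where clients request add-to-cart URLs without ever loading a page, each staying under a per-IP rate limit. The Apache combined log format, the `add-to-cart` query parameter, the `per_ip_limit` value and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines in Apache combined log format (not from the thread).
SAMPLE_LOG = """\
203.0.113.10 - - [01/Mar/2024:10:00:01 +0000] "GET /?add-to-cart=101 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.11 - - [01/Mar/2024:10:00:02 +0000] "GET /shop/?add-to-cart=102 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.7 - - [01/Mar/2024:10:00:03 +0000] "GET /product/blue-widget/ HTTP/1.1" 200 8192 "-" "Mozilla/5.0"
198.51.100.7 - - [01/Mar/2024:10:00:09 +0000] "GET /product/blue-widget/?add-to-cart=101 HTTP/1.1" 200 512 "https://shop.example/product/blue-widget/" "Mozilla/5.0"
203.0.113.12 - - [01/Mar/2024:10:00:10 +0000] "GET /?add-to-cart=103 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST) (\S+) [^"]*" \d{3}')
# Assumption: add-to-cart links carry an "add-to-cart" query parameter.
CART_RE = re.compile(r'[?&]add-to-cart=')
# Static assets do not count as page views.
STATIC_RE = re.compile(r'\.(?:css|js|png|jpe?g|gif|svg|ico|woff2?)(?:\?|$)', re.I)

def cart_only_clients(log_text):
    """Return {ip: cart_hits} for clients that hit add-to-cart but never loaded a page."""
    cart_hits = defaultdict(int)
    page_views = defaultdict(int)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, url = m.groups()
        if CART_RE.search(url):
            cart_hits[ip] += 1
        elif not STATIC_RE.search(url):
            page_views[ip] += 1
    return {ip: n for ip, n in cart_hits.items() if page_views[ip] == 0}

def summarize(log_text, per_ip_limit=5):
    """Show why per-IP limits miss this: many sources, each under the limit."""
    suspects = cart_only_clients(log_text)
    return {
        "suspect_ips": sorted(suspects),
        "total_cart_hits": sum(suspects.values()),
        "ips_over_limit": sorted(ip for ip, n in suspects.items() if n > per_ip_limit),
    }

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

An empty `ips_over_limit` alongside a non-zero `total_cart_hits` is the signature of the distributed case: no single address trips a rate limit, but the aggregate does the damage.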
