Guests online

[kronos1]

Is there anyway to stop guests from being online as I have 5 members online and 4000+ guests online which is slowing the forum down.

[KevC]

You don't want to stop all of them because then you and your members wouldn't be able to get on the site because you're also a guest until you hit login.

Lots of chat about this recently
viewtopic.php?p=16063945#p16063945

[kronos1]

I have added the Hi Fi Kabin .htaccess file but it makes no difference, there are still over 4000 guest online.

[SQLnovice]

Probably a lot of A.I. scrapers stealing your forum's information.

What's the time period you have for the WhoisOnline? I'd recommend 90, so you can get a history on what the guests are.

Then, check your host's logs. My host has an analytic reporting function that shows me what countries and IPs are the top offenders, so to speak. If you're seeing a lot of traffic from the Russian Federation, China, Iran, Iraq, Albania, Brazil, etc, that's what we're all seeing too. Also, Facebook bot, their meta-external agent, and Microsoft BingBot MSNbot have just gone crazy lately. They apparently don't respect robots.txt anymore. Identifying and denying their bots in the htaccess environment variable is the next step (something you can also do on Cloudflare):

Code: Select all

BrowserMatchNoCase "bingbot" bad_bot
BrowserMatchNoCase "meta-externalagent" bad_bot
BrowserMatchNoCase "meta-externalagent/1.1" bad_bot
Order Deny,Allow
Deny from env=bad_bot

You could use Cloudflare's free WAF rules to block countries before they get to your site and/or you can add them to your .htaccess file. If you want to go that route, see this topic
viewtopic.php?p=16061083#p16061083

[kronos1]

You could use Cloudflare's free WAF rules to block countries before they get to your site and/or you can add them to your .htaccess file. If you want to go that route, see this topic
viewtopic.php?p=16061083#p16061083

I have signed up for the free Cloudflare and diverted my DNS names and this seems to have stopped the majority of the bots. I have imgur installed and not sure if this is a coincidence but I can no longer upload pictures using imgur.

[SQLnovice]

Dunno. You must have set something up out of the norm or have We're Under Attack enabled? We have imgur images on our site too and they're unaffected. I suppose maybe try this.

Find out what Imgur's AS number is or are. Then on CF's side, turn on one of their custom allow traffic templates. Put Imgur's ASN number(s) in as the equal to AS number rule (using the OR option for multiple rules) and set the rule to be the first WAF rule and to 'skip' all other subsequent WAF rules if the traffic matches this 'allowed traffic' firewall rule.

[kronos1]

Dunno. You must have set something up out of the norm or have We're Under Attack enabled? We have imgur images on our site too and they're unaffected. I suppose maybe try this.

Find out what Imgur's AS number is or are. Then on CF's side, turn on one of their custom allow traffic templates. Put Imgur's ASN number(s) in as the equal to AS number rule (using the OR option for multiple rules) and set the rule to be the first WAF rule and to 'skip' all other subsequent WAF rules if the traffic matches this 'allowed traffic' firewall rule.

Under attack is not enabled. I have set up a rule like you suggested but sadly it is still not working, hope I have the correct ASN?

A also notice the the imgur images that were upload before Cloudflare was used only show for about 2 seconds and then they disappear along with the avatars.

Untitled.jpg

[SQLnovice]

According to Google AI, it's 56252. You might wish to change the Allow rule name from Imgur to something generic, like 'Allow,' so it's labeled better. Ours has all the explicit allowed traffic for other AS numbers, like GoogleBot 15169 and user-agent Googlebot-Image, if you're wanting them to get through too.

On topic though...
With CF blocking most of everything bad via WAF rules, we still have our .htaccess in place with bad_bots, country code and IP blocks. Plus, we use SpIdErPiGgY's honeypot-blackhole modification too. All these systems work well together, but we prefer to identify stuff that .htaccess or honeypot are blocking (finding) and creating new CF WAF content to block that stuff before it hits our Web host (i.e. our .htaccess). That eliminates a lot of requests that won't even get 403 errors from our host.

[dontcoz]

Check this topic viewtopic.php?t=2662519

[thecoalman]

There is already multiple topics on his issue so I'm closing this one.