A bot is spamming my WooCommerce websites with the same GET filter request. This causes my error logs to get really big and fills up my server disk space. How do I prevent this kind of request?
I've attempted to block the IP but eventually the bot shows up with a different IP and performs the same request.
I noticed GET requests like this showing up in my apache.access.log for my website.
148.251.92.39 - - [19/Aug/2019:11:04:17 +0000]
"GET /product-category/some-category/?filter_flavours=flavor1,flavor2,...,flavor15
HTTP/1.0" 403 859
The bot starts by checking my robots.txt:
108.59.8.80 - - [19/Aug/2019:11:52:48 +0000] "GET /robots.txt HTTP/1.0" 200 67
The bot looks like it filters for every possible item that can be covered by that category, and then spams those GET requests as many times as it can.
Some of the IPs that made similar GET requests can be found on abuseipdb.com:
https://www.abuseipdb.com/check/144.76.236.112
These requests create a strange database query.
# Time: 2019-08-19T10:40:36.958807Z
# User@Host: db-user[] @ localhost [] Id: 111
# Query_time: 0.762636 Lock_time: 0.196198 Rows_sent: 0 Rows_examined: 1
use my-db;
SET timestamp=1566211236;
UPDATE `wp_options` SET `option_value` = 'a:333623:{i:0;b:0;s:32:\"c3dfc0f6173112a56bf12c79c81c5dfd\";
a:0:{}s:32:"13112848b4e9632f77a38f69b9898a60\";a:0:{}s:32:
"b3f4286ca803f55c6ee15185d8f6f8e2\"
... this is repeated for a huge amount of lines ...
"8d3fedbfb7a3e823df7443f0595dee4f\";a:0:{}}' WHERE `option_name` =
'_transient_wc_layered_nav_counts_pa_effects';
I can block a specific IP when it starts making requests like that, but I want to block any requests that behave like that. Is there any way to do this? I'm running a Linux server.
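The requests described above can be recognised by their shape (a `filter_` parameter carrying a long comma-separated list) rather than by source IP. The following is an added example, not part of the original post: it scans Apache access-log lines for that shape and counts hits per client. The threshold of 5 values, the function names and the sample log lines (documentation IP ranges) are assumptions constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qsl

# Apache common log format: ip ident user [time] "METHOD target PROTO" status size
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) (\S+)')
MAX_FILTER_VALUES = 5  # assumed threshold; tune to what real shoppers select

def filter_value_count(target):
    """Largest number of comma-separated values in any filter_* parameter."""
    query = urlsplit(target).query
    # parse_qsl percent-decodes, so "%2C"-encoded commas are counted too
    counts = [len([v for v in value.split(",") if v])
              for key, value in parse_qsl(query, keep_blank_values=True)
              if key.startswith("filter_")]
    return max(counts, default=0)

def suspicious_requests(lines, limit=MAX_FILTER_VALUES):
    """Yield (ip, target) for GET requests exceeding the filter-value limit."""
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, _time, method, target, _status, _size = m.groups()
        if method == "GET" and filter_value_count(target) > limit:
            yield ip, target

def hits_per_ip(lines, limit=MAX_FILTER_VALUES):
    """Count matching requests per client IP."""
    return Counter(ip for ip, _ in suspicious_requests(lines, limit))

# Constructed sample lines modelled on the log format shown in the question.
SAMPLE_LOG = [
    '203.0.113.10 - - [19/Aug/2019:11:52:48 +0000] "GET /robots.txt HTTP/1.0" 200 67',
    '203.0.113.10 - - [19/Aug/2019:11:53:01 +0000] "GET /product-category/some-category/'
    '?filter_flavours=f1,f2,f3,f4,f5,f6,f7,f8 HTTP/1.0" 403 859',
    '198.51.100.7 - - [19/Aug/2019:11:53:02 +0000] "GET /product-category/some-category/'
    '?filter_flavours=f1%2Cf2%2Cf3%2Cf4%2Cf5%2Cf6%2Cf7 HTTP/1.0" 403 859',
    '192.0.2.55 - - [19/Aug/2019:11:53:05 +0000] "GET /product-category/some-category/'
    '?filter_flavours=f1,f2 HTTP/1.0" 200 5120',
    '203.0.113.10 - - [19/Aug/2019:11:53:06 +0000] "GET /product-category/some-category/'
    '?filter_flavours=f8,f7,f6,f5,f4,f3,f2,f1 HTTP/1.0" 403 859',
]

if __name__ == "__main__":
    for ip, count in hits_per_ip(SAMPLE_LOG).most_common():
        print(ip, count)
```

The same condition (number of values in a `filter_` parameter above a limit) is what a web-server or WAF rule would need to express in order to reject these requests regardless of which IP sends them.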