
We recently ran into the problem that our Magento sites are flooded with spam from various Russian and Chinese servers. Essentially, these bots come and sign up for newsletters, open spam user accounts, or just continuously probe our servers for vulnerabilities.

This behavior can get you into trouble with your email provider (your account might get flagged for sending out spam), and the bots might find a vulnerability that is subsequently abused. It is also just plain annoying.

As you send out large amounts of spam (unintentionally), you risk having your transactional email service provider suspend your account.

Day and night your servers work harder than they have to (consuming more CPU), and you pay for more traffic than your legitimate traffic warrants.

Blocking email domains

Most of the spam signups are coming from rather specific email domains such as mail.ru, qq.com, etc. Using a module to block those email domains is a quick way to clean up your customer list and prevent it from getting bombarded by spam again. A module we used often is this.

But just blocking the email domains will not be sufficient to stop spammers from trying, so a more long-term solution is to block them altogether.

Most of the spam usually uses a handful of email domains.

Cloudflare

We've been using Cloudflare for most, if not all, of our websites for years. It is easy to set up and comes with robust tools you would normally have to configure in-house, such as firewall and WAF rules.

As most of our spam was coming from China and Russia, we just banned those countries outright (excluding legitimate bots) with the settings seen below.

Blocking entire countries in Cloudflare is super easy.

Banning just Russia and Belarus doesn't do the trick, though. You will most likely continue to have some odd bots, which may or may not be malicious, crawling your pages. You can take care of these by having a quick look at the logs for suspicious traffic and banning the ASN numbers from which the traffic originated.

If you are running nginx as your web server, you will most likely find your logs at /var/log/nginx/

Assuming your traffic volume is not too high, you can usually spot the vast majority of unwanted traffic rather easily.

ASN numbers are essentially numbers assigned to organisations, and each one covers a large range of IP addresses. The reason why you need to block the ASN number, and not just the IP, is that you would usually have spam coming from multiple IPs within the same cloud (hence blocking the ASN number will block all of them in one go).

How to block ASN numbers in Cloudflare.

You can look up the ASN numbers associated with an IP at, e.g., https://www.abuseipdb.com
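The log review described above, as an added example that is not part of the original post: a Python script that counts signup POSTs per ASN in an nginx access log and builds a Cloudflare rule expression for the ASNs that stand out. The log lines, the prefix-to-ASN table (documentation ranges), the Magento paths and the thresholds are assumptions made for illustration; `ip.src.asnum` and `cf.client.bot` are Cloudflare rule fields.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample in nginx "combined" format (documentation IPs, not real traffic).
SAMPLE_LOG = """\
198.51.100.7 - - [12/Mar/2024:03:14:01 +0000] "POST /newsletter/subscriber/new/ HTTP/1.1" 302 0 "-" "Mozilla/5.0"
198.51.100.7 - - [12/Mar/2024:03:14:02 +0000] "POST /customer/account/createpost/ HTTP/1.1" 302 0 "-" "Mozilla/5.0"
198.51.100.23 - - [12/Mar/2024:03:14:05 +0000] "POST /newsletter/subscriber/new/ HTTP/1.1" 302 0 "-" "Mozilla/5.0"
203.0.113.5 - - [12/Mar/2024:09:30:11 +0000] "POST /newsletter/subscriber/new/ HTTP/1.1" 302 0 "-" "Mozilla/5.0"
192.0.2.10 - - [12/Mar/2024:09:31:40 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
not a log line
"""
# Constructed prefix -> ASN table (documentation ASNs); fill it from your own lookups.
PREFIX_TO_ASN = {"198.51.100.0/24": 64496, "203.0.113.0/24": 64497, "192.0.2.0/24": 64498}
# Assumed Magento signup endpoints; adjust to the routes your store exposes.
SIGNUP_PATHS = ("/newsletter/subscriber/new", "/customer/account/createpost")
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" \d{3} ')

def asn_for(ip):
    """Return the ASN whose prefix contains ip, or None if unknown or unparsable."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return None
    return next((asn for prefix, asn in PREFIX_TO_ASN.items()
                 if addr in ipaddress.ip_network(prefix)), None)

def signup_posts_by_asn(log_text):
    """Count POSTs to signup endpoints per ASN and collect the distinct source IPs."""
    hits, ips = Counter(), {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m.group(2) != "POST" or not m.group(3).lower().startswith(SIGNUP_PATHS):
            continue  # malformed line, or not a signup attempt
        asn = asn_for(m.group(1))
        if asn is not None:
            hits[asn] += 1
            ips.setdefault(asn, set()).add(m.group(1))
    return hits, ips

def block_expression(log_text, min_hits=3, min_ips=2):
    """Build a rule expression for ASNs with many signups spread over several IPs."""
    hits, ips = signup_posts_by_asn(log_text)
    asns = sorted(a for a in hits if hits[a] >= min_hits and len(ips[a]) >= min_ips)
    if not asns:
        return None
    # "not cf.client.bot" keeps Cloudflare's known good bots out of the block.
    return "(ip.src.asnum in {%s}) and not cf.client.bot" % " ".join(map(str, asns))
```

Requiring several distinct IPs per ASN matches the reasoning above: a single noisy address can be blocked by IP, while signups spread across one provider's range justify an ASN-wide rule.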

I tried Cloudflare, but I am still struggling

Although the Cloudflare firewall works great for smaller websites with more manageable amounts of spam and threats, using the web interface to block ASNs one by one just won't scale. There are ways to automate the process of blocking malicious traffic, either using Cloudflare's API or a self-hosted solution.

Drop us a line below if you are struggling with spam and we will be happy to help you.