
So I have a WordPress site and we all know how vulnerable WordPress plugins can be and get over time. I'm curious to know what you guys think about possibly just IP banning anyone that gets an HTTP 404. Obviously I'd have to ensure that the site does not submit any requests to invalid links and all, but I figured it'd be a pretty good way to deter attackers.

I mean if someone visits the site and they click on the links that are on the site, there's no reason they should get an HTTP 404. If someone gets an HTTP 404, they're most likely going to be up to no good.

That being said, is there an easy way to accomplish this?

LewlSauce
  • Banning an IP that gets a *bunch* of 404s in quick succession might make sense. Banning them for just one would be crazy. – ceejayoz Aug 27 '17 at 22:02

4 Answers


In my opinion that's not a good idea. Even well maintained websites and plugins will have an occasional 404. This for example could happen if a plugin is updated and they forget to update one URL when a version changes, if a browser requests a favicon and you don't use one, if you don't have a sitemap, etc.

I think if you do this you'll end up blocking everyone from accessing your website occasionally, and you'll make access unnecessarily difficult. If you don't have a sitemap you could end up blocking all search engines.

If you want to protect your server use fail2ban. I use a combination of fail2ban and CloudFlare, as I outline in the linked tutorial. It's for Amazon Linux but should work reasonably well in other Linuxes.

NB: I've incorporated comments from below, to make things easier to read / understand. Credit to the comment authors.

Tim
  • Gotcha. Makes perfect sense. Thanks for the feedback man! – LewlSauce Aug 27 '17 at 19:20
  • If you're happy with the answer please accept it. – Tim Aug 27 '17 at 19:44
  • @lewlsaucengravy: There are many legitimate reasons to get a 404 even when your site is "perfect" without any dead links. Think a user mistyping or making an error while copy/pasting. – Sven Aug 27 '17 at 19:49
  • +1 Sven. I'd have to add that aside from error there are things like favicon and robots.txt, what happens if your site doesn't have them, or sitemaps and so on. Are you sure you have *everything* covered, and is it worth effectively banning your client from Google if you don't... – James Snell Aug 27 '17 at 22:19
  • Thanks guys. All of this makes perfect sense. I believe @ceejayoz's solution is pretty solid, maybe a few 404s at the same time would be great. Thanks for all the input. – LewlSauce Aug 28 '17 at 02:01
  • What ceejayoz suggested is basically what fail2ban does, as I suggested above. I don't think fail2ban blocks based on 404 errors, but it's very configurable and could probably be made to. I still wouldn't do that though, as 404s aren't really a problem. You're better off following a WordPress / fail2ban tutorial, like the one I linked to. – Tim Aug 28 '17 at 02:16

In addition to the reasons given by Tim, you should also keep in mind that tens or hundreds of persons might be NAT'd behind the same public IP.

So, in such a case, you might have blocked the legit users as well!

Ost99

Have a look at Fail2Ban. We have a rule that says that if an IP has more than 10 404s to ban the IP.

Dovid Bender
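As an added illustration of the rule described in this answer (example code written for this page, not the answer author's own Fail2Ban configuration and not Fail2Ban itself), the following Python scans constructed Apache-style access-log lines and flags an IP only after more than a threshold of 404s inside a sliding time window, skipping the favicon/robots.txt/sitemap requests that the comments above point out every site receives. Log lines, IPs and paths are all constructed sample data.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Apache/nginx "combined" access-log line (regex written for this example).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

# 404s that legitimate clients produce even on a site with no dead links.
BENIGN_404 = {"/favicon.ico", "/robots.txt", "/sitemap.xml", "/apple-touch-icon.png"}


def find_404_offenders(lines, threshold=10, window_seconds=60):
    """Return {ip: timestamp of the hit that crossed the line} for IPs with
    more than `threshold` non-benign 404s inside any `window_seconds` window."""
    recent = defaultdict(deque)  # ip -> timestamps of its recent 404s
    offenders = {}
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m.group("status") != "404":
            continue
        if m.group("path").split("?", 1)[0] in BENIGN_404:
            continue
        ip, ts = m.group("ip"), datetime.strptime(m.group("ts"), TS_FMT)
        q = recent[ip]
        q.append(ts)
        while (ts - q[0]).total_seconds() > window_seconds:  # expire old hits
            q.popleft()
        if len(q) > threshold and ip not in offenders:
            offenders[ip] = ts
    return offenders


UA = '"-" "Mozilla/5.0"'
# Constructed sample log: a plugin scanner, a normal visitor, and a slow crawler of dead links.
SAMPLE_LOG = (
    [f'203.0.113.7 - - [27/Aug/2017:19:20:{i:02d} +0000] "GET /wp-content/plugins/example-{i}/readme.txt HTTP/1.1" 404 209 {UA}'
     for i in range(12)]
    + [f'198.51.100.5 - - [27/Aug/2017:19:20:05 +0000] "GET /favicon.ico HTTP/1.1" 404 209 {UA}',
       f'198.51.100.5 - - [27/Aug/2017:19:20:06 +0000] "GET /blog/old-post HTTP/1.1" 404 209 {UA}',
       f'198.51.100.5 - - [27/Aug/2017:19:20:07 +0000] "GET /blog/new-post HTTP/1.1" 200 5120 {UA}']
    + [f'192.0.2.9 - - [27/Aug/2017:19:{20 + i}:00 +0000] "GET /old-link-{i} HTTP/1.1" 404 209 {UA}'
       for i in range(11)]
)
```

With the defaults only the scanner is flagged; the visitor's single real 404 and the slow crawler's one-per-minute 404s never exceed the threshold within a 60-second window, which is the behaviour the comments above argue for over banning on a single 404.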

Even if you ban those IP addresses, they will just keep hitting you from other IP addresses. A lot of botnets have access to tens of thousands of IP addresses. In my opinion it's still worth doing though, although you may ban a small number of legit users if you're not careful.

John M