I just tried WordFence to see how bad the attacks were and they are relentless. I had no idea. The problem with WF so far is it is glitchy and the support is poor. They are now telling me that I have to disable any cashing with all my plugins (11). I have no idea what to look for or how to manage that! Seriously most folks who have blogs and carts are not writing code. I bought WF premium and it sort of works but most times it doesn't for blocking countries. The interface is not that great. They can't even get email validation to work with just signing up for blog or free ware. I can see using the free ware for spotting particular U.S. IPs and blocking them but for blocking all but a handful of other countries it is worthless right now. The plugins I do use maybe cashing so how do I manage that with hiring someone to recode them? If an update occurs then recode them again? I don't want to ditch my Woo Commerce if it is cashing so what will the point be of keeping the site? I see in Cpanel you offer a place where I can put in specific IPs to block but why don't you bother to offer country blocking or better yet how about blocking all logins but me? I am now wishing there was a safe place like we had in the early 1990s where we hung out in AOL rather than going on the world wild web. I don't know how small stores like mine can actually stay safe online. Net neutrality is a joke since only the big outfits can afford all the complex security measures to stay online along with the bandits. They steal everything that isn't nailed down like images and there is no way to nail anything down! I may need to just sell from the big online website and forget this back up plan of trying to put up my own shingle online. Our issues are really not being addressed with Go Daddy in a real way with security. Go Daddy is the gate keeper and you let in all the bad bots. How hard would it really be to identify the these bots and then list them and block them as they pop up for all sites. I seriously doubt there is one site that really wants them trying to login. Plugins don't work and conflict etc. The country filtering needs to be done from the Go Daddy spigot. Countries like Russia, China, Ukraine are really obvious countries that are also creating a lot of unnecessary traffic that could be opened up for other things. It seems like it would be a win win situation for all if we had country blocking and host blocking for those less than ethical hosting companies.
First of all I am not defending GoDaddy in anyway.
Just because you want a country blocked doesn't mean everybody does. I used to develop games and had games that made money from those countries. Most of those hack attempts can mimic users. Some bots are wanted because they crawl your sites to help you show on search engines.
Like you said, it's not that hard to identify those, why not do it your self?
also, have you tried: https://wordpress.org/plugins/wp-limit-login-attempts/ ?
@JHasselbringNo one suggestion everyone wants this feature but many do. I only sell in the U.S. and handful of countries and well no one is going to want my digital English products in countries that don't speak English. I don't have all day to devote to blocking the bots. It is insane to think we have a chance against the bots online. Seriously when I woke up today and checked there were pages of these bot attempts from all over the world. So if you don't want them fine. I would be nice to narrow them down to just the areas I sell to and screen those myself. But many do want to be able to shut down Russia or China or Ukraine which has tons of these. Why are you negative towards someone who needs and wants a more realistic method of stopping the attacks? I think you need to be open to the idea that there are sites that get more of this attacks than they can reasonably handle manually. I would also venture to say if I and others could block the Russians and Chinese and other countries who are known for harboring these bad elements that it would free up a lot of traffic on Go Daddy by blocking these bots. I think it could be a win win. It also would be great to block certain hosting sites. I came across two hosting sites were that were so bad that Google warned me it was too dangerous and the other one was just flat out Forbidden. But they can access my site and steal my images. So yeah it would be great to block these type of hosting sites when blocking an entire country is not practical. There are some hosting sites I wouldn't mind blocking altogether. Since this industry really doesn't do a good job of policing itself and DMCA is a joke, why anyone would give out all their personal information to the crooks to just harass them even more, and no way to nail everything down on your site so nothing can be stolen or hacked the only recourse we have is to identify the bad elements and weed out them out with blocking. Unless you have a better idea than just manually blocking each IP number which is too little too late and takes too much time. I have this plugin for the login attempts but that really doesn't address the whole problem:
I am sure the bots can mimic users but right now I am not really doing much with this site but adding to the cart and all I am getting is blasted with bots trying to hack in and some others that are also trying to get in. I do think Google bots and msn bots can easily be identified and made an exception for. I really don't think this is rocket science to filter out countries and filter out these typical attacks which clearly have some patterns that if simple me can figure out. I just think if you really truly want net neutrality then you have to make sure that you provide services so average folks can safely operate online. It is pretty shocking to see all these attempted attacks going on and there is very little you can do to prevent it right now. I can see where Google doesn't want to do much about copyright and DMCA since so many of these sites use Google Ads and it is not in their best interest to stop this revenue stream. I think they have the ability to really send the offenders at the bottom of the results and most times it is clear who the thief is. It must be awful profitable since last year in one month they processed 75 million DMCA alone. At this rate everyone will be selling on Amazon, Ebay or Etsy or _____ and throw in the towel trying to deal with all the stealing online with hardly any tools. I think there will be a tipping point with all this.
How hard would it really be to identify the these bots and then list them and block them as they pop up for all sites.
I'm sorry if it sounded like I'm being negative towards someone who needs and wants a more realistic method of stopping the attacks. I'm not... I'm being negative towards your notion of blocking an entire nation just because it will benefit you even if it may ruin other people's business.
Seriously when I woke up today and checked there were pages of these bot attempts from all over the world.
I am well aware of the threat. I'm a system administrator, I used to get fifteen thousand plus attacks in a span of 8 hours for each group I hosted.
DMCA is a joke, why anyone would give out all their personal information to the crooks to just harass them even more
You need to open your mind to the fact that business owners are not the only victims in the digital world. If a website is asking you for your personal information, how do you go about finding out if the website that you are using is who they say they are? That's when CA and ICANN WHOIS who has your information come into play. If I want to purchase rights to your work, how do you expect me to contact you? These services are there for a reason and just because you don't like them doesn't always mean that they are broken.
I don't have all day to devote to blocking the bots.
I don't have all day to plant and harvest vegetables or make peanut-butter or ketchup either. That is why I go to Target or Walmart. It is their business to sell those to me. It is not Walmart's job to make sure that all the bread that they sell already comes with peanut-butter and jelly because, although a lot of people likes PB&J, not every one does. They do how ever sell bread, peanut-butter and jelly. They can provide you all the things you need. Bread, peanut-butter & jely are cheaper to buy than premade PB&J just like web-hosting is cheaper than managed dedicated or VPS. There is a reason for that... people do not work for free. It is the same thing here, they enabled .htaccess for you so you can customize your site to your liking. You are able to write server sided script through PHP so you can manage your own data. If you do not have time to do it on your own, it is time to have someone do it for you. cPanel is not a GoDaddy product. cPanel is a separate entity who sell and manage their products.
I really don't think this is rocket science to filter out countries and filter out these typical attacks which clearly have some patterns that if simple me can figure out.
You're right, it's not hard. But don't expect Walmart to sell PB&J to everyone while who ever is allergic to peanuts have to figure out a way to scrape/remove it from their bread. Look, I'm sorry that the world doesn't serve everything you want, anytime you want on a silver platter but there is a structure here that we need to follow.
Bottom line: If you do not have time to manage your site, use GoCentral or have someone manage it for you.
To the question: You can actually use IfModule to place in your htaccess file to block countries. Look up MaxMind database for GeoIP lookups and rules. Example of MaxMind that you can add the database into your godaddy site to block with! China is about 90% of the hacking to USA sites. So definately block them!
MaxMindDBEnv MM_COUNTRY_CODE DB/country/iso_code
SetEnvIf MM_COUNTRY_CODE ^(AU|UK|US|$) MMCountry
Allow from env=MMCountry