Soa Technology

What you’re seeing is bot / scraping / brute traffic, most likely from a rotating proxy or botnet

by

aditya singh
in

🔐 1. Block Bad Bots by User-Agent (Quick Win)

You already saw:

Sogou web spider/4.0

Add this in .htaccess:

RewriteEngine On# Block Sogou and other bad bots
RewriteCond %{HTTP_USER_AGENT} (Sogou|AhrefsBot|SemrushBot|MJ12bot|DotBot|Bytespider) [NC]
RewriteRule .* - [F,L]

🌍 2. Block Suspicious Countries (Very Effective)

Most of these IPs look like China-based bot traffic.

Option A: Cloudflare (BEST & FREE)

  • Go to Cloudflare Dashboard → Security → WAF
  • Create rule:
Country = China → Block

You can also block:

  • Russia
  • Indonesia (optional, depends on audience)

👉 This is the easiest and most powerful solution.

⚡ 3. Enable Cloudflare Bot Protection (Must Do)

Turn ON:

  • Bot Fight Mode ✅
  • Super Bot Fight Mode (if available)
  • Rate Limiting rules

Example:

If requests > 20 per 10 seconds → Block

🧠 4. Improve Your Rate Limiting Logic

Right now it says Blocked (Rate Limit) — good, but bots are still hitting.

Make it stricter:

  • Limit per IP + per URL
  • Add progressive blocking

Example logic:

  • 10 requests → slow down
  • 20 requests → block 10 min
  • 50 requests → block 24 hrs

🛑 5. Block IP Ranges (Advanced)

Those IPs:

43.163.x.x
43.173.x.x

You can block full ranges:

<RequireAll>
    Require all granted
    Require not ip 43.163.0.0/16
    Require not ip 43.173.0.0/16
</RequireAll>

⚠️ Only do this if you’re sure you don’t have users from that region.

🤖 6. Use CAPTCHA for Suspicious Traffic

Add:

  • Google reCAPTCHA v3 (invisible)
  • Or Cloudflare Turnstile (better & free)

Trigger CAPTCHA when:

  • Too many requests
  • Unknown bot-like behavior

🧾 7. Block Fake Browsers (Important)

Notice:

Chrome/103, 105, 111, 116, 117

Bots rotate versions → fake legit users.

Use JS challenge (Cloudflare does this automatically).

🚫 8. Protect Important Pages

Especially:

  • Login
  • API
  • Search
  • Forms

Apply:

  • Strict rate limit
  • CAPTCHA
  • Token validation

📊 9. Log & Auto-Ban System (Pro Level)

Create a script:

  • Detect repeated hits
  • Add IP to block list automatically

Example idea (PHP):

if ($requests > 50) {
    file_put_contents("blocked_ips.txt", $ip.PHP_EOL, FILE_APPEND);
}

Then deny via .htaccess.

🧱 10. Use a WAF (Highly Recommended)

Best options:

  • 🥇 Cloudflare (FREE + powerful)
  • 🥈 Sucuri
  • 🥉 Wordfence (if WordPress)

⚠️ Reality Check

You cannot fully stop bots, but you can:

✔ Reduce 95% of bad traffic
✔ Protect server resources
✔ Keep real users safe

🔥 My Recommendation for YOU (Based on your setup)

Since you’re on GoDaddy shared hosting, do this:

  1. ✅ Enable Cloudflare (free plan is enough)
  2. ✅ Block China via WAF rule
  3. ✅ Enable Bot Fight Mode
  4. ✅ Add .htaccess bot blocking
  5. ✅ Add CAPTCHA on forms/login
🇮🇳 Amazon India 🌍 Amazon Global