WordPress Security: Block or Challenge ASNs

Manuel Campos

In today’s digital age, protecting your organization’s networks and systems from malicious actors is more important than ever.

One strategy that can be used to enhance security is to block or challenge certain autonomous systems (ASNs) from accessing your sites.

ASNs are used to identify and organize groups of networks on the internet.

Some examples of well-known companies or organizations that have been assigned ASNs include:

  • Google (AS15169)
  • Amazon Web Services (AS16509)
  • Facebook (AS32934)
  • Akamai Technologies (AS20940)

By blocking or challenging certain ASNs, organizations can restrict access to known sources of malicious traffic, such as botnets and other forms of cyberattacks.

In this post, we will discuss the reasons why you may choose to block ASNs and the process for doing so.

To Block or To Challenge an ASN

I don’t usually recommend blocking ASN numbers because if you don’t do it right, you might end up blocking real users or some services you are currently using.

Even when an ASN has a lot of bot activity like this one, I choose to challenge its traffic.

Cloudflare Radar - Block or Challenge ASN

Challenging ASNs has never been my number #1 Firewall rule so I create this one to complement stricter rules.

How to Block ASN with CFR

Blocking or challenging traffic coming from different hosting providers is quite easy.

  1. You can name the firewall rule any name you want
  2. Choose AS Num from the field options
  3. Choose “equals” from the operator options
  4. Add the “ASN Number” in the value field
  5. Choose “or”
  6. Add another “ASN Number”
  7. Repeat the process if you need to
  8. Choose an action.
Blocking ASNS using CloudFlare Firewall Rules

I suggest using the managed challenge unless you are 100% sure that traffic from an ASN is full of bots, scrapers, and other bad actors.

If you want to leave some space to challenge other types of behavior, you can use this approach instead in which you add several ASNs in one field.

Blocking ASNS via CloudFlare

I suggest adding the “known bots” options if you want to challenge ASNs like Microsoft but you don’t want to block Microsoft Bing, user agents.

What ASN Numbers to Block?

I recommend creating firewall rules to block sensitive areas of your site such as the login page, bad queries, and some annoying user agents.

Then check the logs and see the most common hosting providers being used to attack your site

At the moment of writing this post, I noticed lots of attacks coming from Cloud Asset so this ASN will be challenged from now on.

Cloud Assets ASN

Cloudflare has important stats on the percentage of bot activity coming from ASNs

You can check that by visiting Cloudflare Radar

You can also rely on lists created by a third-party website such as the one provided by SpamHouse

List of Worst ASNs

These are some of the worst ASNs based on my Cloudflare logs with stats taken from Cloudflare Radar

Keep in mind that bot activity doesn’t mean malicious bot activity.

ASNCompanyBot Human
210531STALLION 91%9%
16509AMAZON 91%9%
14061Digital Ocean84%16%
20473AS Choopa75%25%
43624PQ Hosting 70%30%
ASNCompanyBot Human
ASNCompanyBot Human

Filing an Abuse Report

If you do wanna do some good for the World, you can report the IP to the hosting provider so they take action.

I wouldn’t bother filing a report when the attacks come from sh*tty hosting providers

I recently reported a Google Cloud IP that was scanning for exploits and vulnerabilities.

It got blocked like two hundred times in two minutes so I concluded that they really wanted to be reported.

Google Cloud Attack Singapore

Hopefully, reputable companies do something about it.

These are some links to report abuse

In case you don’t want to do that, you can report an IP linked to malicious bot activity to AbuseIPDB

What ASNs not to Block

These are some of the ASNs that you might not want to block or Challenge because they focus on Advertisement.

32934FACEBOOK90%10%Social Media

Blocking an ASN: Final Thoughts

Remember that this Firewall rule can’t be the only one you use to protect your WordPress sites.

Blocking ASNs must complement other firewall rules, since hackers, bots, and attackers can rotate the hosting providers they use.

Also, remember to check the logs from time to time and see if real visitors or services are getting blocked by the rule.

For example:

  • If you are using an ad network such as Ezoic, blocking or challenging Amazon servers would be a terrible idea, If that’s the case, you should exclude Amazon Web Services from the rule or whitelist it using Cloudflare rules.
  • If you are optimizing your site’s SEO using Ahrefs Webmaster Tools, you should exclude OVH from your Firewall rules.
  • Not all ASNs refer to hosting providers, some of them are Internet Service Providers (ISPs) and for obvious reasons, it is not recommended to block them.

Finally, sometimes a hosting provider is not a house of thieves, it is probably one guy using a few servers to scrape or attack sites.

More about WordPress Security

If you care or have concerns about the security of your WordPress site, check these posts before you leave

  1. How to Secure your Login Page using Cloudflare
  2. WordFence: Love it or Leave it
  3. Hacking Attacks Will Never Stop
  4. Protect your WordPress Site with Cloudflare Firewall Rules
  5. WordPress Security without Plugins
Manuel Campos, English Professor

Manuel Campos

I am José Manuel. I am writing about things I know and things that I am learning about WordPress. I hope you find the content of this blog useful.






© 2024 WP SURFER • Made with Love in Costa Rica