I installed CSF and ModSecurity in cyberpavel, what rules should I set for them so that there are no these bots as in the screenshot?
Hello @a159cm
You can use cf machine learning service against bad bots designed for wordpress websites. Check cloudflare website to get started for free
Use this WAF rule for cloudflare look from rule where I add your serverIP change those to match yours. Also look from CF evets for couple days if rule blocking something what it should not and add those allowed on rule, also try all important functions on site works. I have that rule all my sites and it block all crappy bots almost 100%. Just remove some rules if your site dont have woocommerce etc…
(http.request.version in {“HTTP/1.0” “HTTP/1.1” “HTTP/1.2”} and not http.user_agent contains “Googlebot” and not http.user_agent contains “Bingbot” and not http.user_agent contains “DuckDuckBot” and not http.user_agent contains “facebot” and not http.user_agent contains “Slurp” and not http.user_agent contains “Alexa” and not http.user_agent contains “AdsBot-Google” and not http.user_agent contains “HetrixTools Uptime Monitoring Bot. " and not http.user_agent contains “GTmetrix” and not http.user_agent contains “YahooMailProxy” and ip.src ne YOURSERVERIP and not http.user_agent contains “BingPreview” and not http.user_agent contains “DuckDuckGo” and not http.user_agent contains " Jetpack by WordPress.com” and not http.user_agent contains “WooCommerce API Client-PHP/3.0.0” and not http.request.uri.path contains “/wp-json/wc/v1/tracking-webhook” and not http.request.uri.path contains " /wp-content/plugins/trackship-for-woocommerce/assets/images/trackship-logo.png" and not http.user_agent contains " Jetpack" and not http.user_agent contains “PayPal” and not http.request.uri.query contains “jetpack&token” and http.user_agent ne “Jetpack by WordPress.com” and ip.geoip.asnum ne 7941 and not http.request.uri.path contains " /favicon.ico" and not http.user_agent contains “ShortPixel.com optimization API” and not http.user_agent contains “validator.w3.org” and not http.user_agent contains “undici” and not http.user_agent contains “Let’s Encrypt” and not cf.client.bot)