Incapsula Review: Block Semalt and Protect WordPress Login Page

by: Music47ell
I’ve been a CloudFlare user since 11/11/13, the reason why I chose them as my CDN provider was because of all the positive reviews that I kept reading about them.

What CloudFlare is supposed to do is protect your site from malicious attacks and make it faster by caching its content, but I honestly didn’t see any changes whatsoever. I kept it installed because they do have one great thing that I use, which is their DNS management; it’s really easy to use and control. Other than that, CloudFlare felt like just a service that my traffic goes through with no purpose.

A year went by, and my site’s traffic grew, and as more great readers like you started learning about the site, hackers started learning about it as well, along with spammers like Semalt (SEO tool) and Buttons for Website (sharing tools), which crawled my site every day and caused fake traffic.

Google Analytics Semalt & BFW Referrals

I thought CloudFlare should’ve taken care of both, but sadly no. CloudFlare just let them go through day after day after day…and I wanted a solution, a once and for all kind of solution, something good to replace CloudFlare, and something that could take care of this annoying fake traffic.

How to STOP Semalt and Buttons for Website:

First, I chose the hardcore solution, I opted in for what Joshua McGee had to offer over at The Eclectic Quill.

He wrote a great tutorial on how to block Semalt on servers running Nginx, like the one powering this site.

And it works great: the day after following his tutorial, both spammers were stopped from accessing my site.
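The next-day check described above can also be made from the server's own access log rather than from Google Analytics. The following is an added example, not code from the original post or from the tutorial it mentions: it parses Nginx combined-format log lines and counts requests whose Referer host falls under a blocklisted domain, keyed by status code so that served and refused requests can be told apart. The two domain names and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Assumption: domains commonly associated with the two services named in the post.
SPAM_DOMAINS = ("semalt.com", "buttons-for-website.com")

# Nginx "combined" format: ip - user [time] "request" status bytes "referer" "agent"
LINE_RE = re.compile(r'^\S+ \S+ \S+ \[[^\]]+\] "[^"]*" (?P<status>\d{3}) \S+ '
                     r'"(?P<referer>[^"]*)" "[^"]*"$')

def spam_domain(referer):
    """Return the blocklisted domain the Referer host falls under, else None."""
    try:
        host = (urlsplit(referer).hostname or "").rstrip(".")
    except ValueError:  # malformed URL in the header
        return None
    for domain in SPAM_DOMAINS:
        # Exact host or subdomain only; a substring test would flag "notsemalt.com".
        if host == domain or host.endswith("." + domain):
            return domain
    return None

def summarize(lines):
    """Tally spam-referred requests per (domain, status); count unparsable lines."""
    tally, unparsed = Counter(), 0
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m is None:
            unparsed += 1
            continue
        domain = spam_domain(m.group("referer"))
        if domain:
            tally[(domain, m.group("status"))] += 1
    return tally, unparsed

# Constructed sample lines (documentation IP ranges, not real traffic).
_T = '[24/Mar/2015:21:07:52 +0000] "GET / HTTP/1.1"'
SAMPLE_LOG = [
    f'198.51.100.7 - - {_T} 200 5120 "http://semalt.semalt.com/crawler.php" "Mozilla/5.0"',
    f'198.51.100.7 - - {_T} 403 162 "http://semalt.semalt.com/crawler.php" "Mozilla/5.0"',
    f'203.0.113.9 - - {_T} 200 5120 "http://buttons-for-website.com/" "Mozilla/5.0"',
    f'192.0.2.44 - - {_T} 200 812 "http://example.net/?q=semalt.com" "Mozilla/5.0"',
    f'192.0.2.45 - - {_T} 200 5120 "http://notsemalt.com/" "Mozilla/5.0"',
    'truncated line without the expected fields',
]

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

Entries with status 200 are spam-referred requests that were still served; once a block is in place, the same referrers should only appear with the refusal status the server is configured to return.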

Blocking Semalt using Incapsula:

While searching for these two spammers I came across a blog post from the guys at Incapsula. The post talks about the origin of Semalt and what it is all about:

A few months ago Incapsula saw the first indications of a large-scale referrer spam campaign. The focal point of this spam activity was a service named Semalt whose bots were employing referrer spam techniques on an impressive scale and were aggressive enough to draw our (and our clients’) attention.

At the end of their post, something caught my attention. Ofer Gayer, Security Researcher at Incapsula, wrote:

With the record of Semalt’s spam activity in hand, and with numerous requests to block the service coming from our clients, we added Semalt to our “Bad Bots” rules baseline, blocking it by default for all Incapsula accounts.

Yes, what you’ve read is true. Incapsula is automatically blocking all spam referrals from Semalt for all of its users by default. This honestly sounds like a company that cares about its customers and is actually doing its job very well. Reading this article got me hooked on Incapsula right away.

If you want to read more things by Ofer, then make sure to read his AMA on Reddit, it’s great.

Although CloudFlare recently offered a free shared SSL certificate for all of its users, I made the switch because I had two very bad experiences with their customer support and service. (The service issue was that my old website for fuck all reason wasn’t accessible from Turkey while CloudFlare was on, and no one at CloudFlare customer support knew what caused this issue.)

So I decided to switch from CloudFlare to Incapsula and after more than a month I couldn’t be happier.

Now that I’ve talked about the reason I switched from CloudFlare, let’s talk about what other features I found really great about Incapsula, features that you (maybe a CloudFlare user) should know about.

Incapsula Review

Incapsula's Dashboard

Incapsula is an application delivery platform that uses CDN to provide website security, DDoS protection and load balancing.

What do I use them for?

I personally use their free plan, which comes with many great features, but I use just a few:

  1. Bot Protections: This is what is protecting my site now from Semalt and BFW, and many other bad bots.
  2. Access Control: This allows me to block URLs, Countries and IPs.
  3. CDN & Optimizer: I think this one is obvious.

There are also 2 more free features that you can get, like Web analytics and Login Protect.

Protect WordPress Login Page from Brute Force Attacks:

The Login Protect feature is really great, and after testing it for a week, it works really well. Basically, what it does is put an authentication wall in front of any page you want to protect, so for example:

Let’s say you run a WordPress site, and you want to protect your login page. You can just enable this feature, add the URL for that page, and you are all set. Now every time you visit it, you will see a protection wall asking you for your email. You add it, and a pass code will be sent to your email; you enter it, and then you will get access to your main WordPress login page.

Now let’s go back just for a second and talk about CloudFlare’s free plan, exactly these two things:

  1. Broad security protection
  2. Powerful stats about your visitors

I’m going to call bullshit on these two things, and here’s why:

  1. While doing some research on what’s the difference between Incapsula and CloudFlare, I saw a couple of articles and videos that show how CloudFlare is not doing its job of protecting the site from attacks such as Cross Site Scripting (XSS), Local File Inclusion (LFI) and Remote File Inclusion (RFI) attacks.

    You can read more about it here, here, here and here. (Please note that these tests were done with CloudFlare’s Business Plan and Incapsula’s Business Plan.)

  2. As for the “powerful stats” about the visitors, I would like you to take a look at it with me and decide by yourself:

CloudFlare’s Analytics Dashboard
CloudFlare’s New Analytics Dashboard

I honestly don’t think that I can call this a “Powerful stats about your visitors”, nothing seems powerful about it, no IPs, no bots names, no reference to what is being targeted, no nothing.

Even with the New design for the Dashboard, CloudFlare decided to make it prettier instead of making it display more information on what bots are visiting my site.

On the other hand, Incapsula shows you exactly the name, IP Address of the bots and crawlers, and what is being targeted.

Incapsula Bad Bots Analytics

Incapsula BFW

Incapsula’s Event Log

As you can see in the first picture from Incapsula, I honestly didn’t know that someone was trying to brute force into my site. Once I did, I made some changes to my server, and since then, WordPress brute force attacks are history.

And in the next two pictures, you can see a detailed view of every ‘bad bot’ that is trying to reach my website, and failing thanks to Incapsula.

Conclusion:

Incapsula seems to let their users see pretty much everything, and have more control on the way that they can protect their website, from blocking IPs to countries, and the ability to select what kind of protection they want for their site.

Along with all of this, Incapsula stays up-to-date on All Things Security related, while CloudFlare seems like they are trying to be just a famous company and to lure in as many people as possible, who maybe didn’t take the time to dig deeper into other alternatives.

I really think that you should give Incapsula a shot, even with their Free Plan, I’m sure you won’t regret it.