Warning: CIPTV Client. Is it a scraper or what?

[Name Trader]

I've been developing one of my domain names for some time. But only since, this month, Oct 2018, has my bandwidth usage has been ballooning stratascopically. It has taken a lot of hard work and dedication to have found that a User Agent, "CIPTV Client", has hit my website. This behaves a bit like a scraper (although I'm no expert on this subject), but doesn't seem to do anything useful. It seems to be looking at only 1 URL which doesn't even resolve by itself but gets redirected to the index.php page. It only appears that all contacts look at this page only on my website. And it doesn't appear to be following the links from the index page.

As an example. I've had to ban 100 IP Addresses. Which had from individual IP Addresses up to 750,000 hits (on one IP Address) on that one page, in just a 2 week period in October. Many more IP Addresses has 100,000+ connections. Mostly the IP Addresses are Brazilian. But not all. I don't know if this User Agent originates from Brazil but it seems to be spreading. to other countries.

I just thought I'd let everybody know about this problem. Especially to look out for this User Agent. I'm not somebody who knows much about this phenomenon. If anybody has any useful comments or observations about this. I'd be happy to here from you. To improve my knowledge about this client or any others. I'd also be interested to know the best solutions for getting rid of these pesky clients. I'd also like to hear other stories about any other clients to watch out for.

 

[creataweb]

Using SSL with Cloudflare by any chance to help identify & possibly stop the over-using?

 

[Name Trader]

Using SSL with Cloudflare by any chance to help identify & possibly stop the over-using?

My host also recommended a CDN. TBH I would not have thought this domain needed a CDN. But as you are the 1st person after my host to recommend that. I'll see if Cloudflare have an affordable option. tnx.

 

[Name Trader]

OK I signed up for the cloudflare free service. From what I've read, and I'd like someone to confirm, that this only provides you Cacheing, prevention of DDOS attacks and Shared SSL. Anything else?

 

[Name Trader]

I think the CDN will be mostly (or almost entirely) be serving this page and any other, from it's cache, and this will help my bandwidth significantly. After telling my Host what I had done, they seemed very happy with my choice of CDN, mentioning this was use by many other clients. But they did mention that it might disrupt any auto SSL renewal which the host might want to make. They said the answer would be, if it happens, to disable CloudFlare, do the auto SSL renewal, and put Cloudflare back again. No problem

 

[Name Trader]

CloudFlare's shared SSL also would help a lot of customers out who don't have any SSL at the moment. I had forgotten what it is like to have really cheap hosting without SSL. Which is so important, in this New World Order where Google doesn't serve up non-SSL websites any more. Of course this has zero relevance to the original topic. It's just a tip of the hat to CloudFlare, for providing good useful quality product for free.

But it is relevant in as much that using a CDN puts another line of defense in front of these errant Clients. This might bring instant relief from other Clients without me even realizing it. In the future.

 

[Name Trader]

My host also said that CloudFlare's DDOS prevention was more global in reach whereas their own DDOS prevention was more local in reach. Saying they complimented each other perfectly. BS or not BS? I like it

 

[Name Trader]

Now back to the actual topic. Does/Can anyone tell us if they have experience with these kind of malicious or not so malicious bots? And how to deal with them? Or was I the only mug here, not using a CDN already?

 

[viniproject09]

You need a DDOS protected web hosting I believe. A protection that will stop utilizing resources from botnet.

 

[EbookLover]

Whose our host? I mean you made a good choice to use cloudflare. I have never done it yet but will soon.

But about SSL, most hosts seem to have implemented free, auto renewing, Let's Encrypt SSL function in their control panels so I would not say free SSL is really a selling point for using a CDN anymore. I have Let's Encrypt on all my sites. It only takes 2 or 3 clicks.

Also, not that it matters anymore since you seem to have solved your problem with a CDN, but is your site wordpress? I have been using Cerber security to keep bots at bay. Lot's people use WordFence but I went with Cerber because it has the easy option of putting reCaptcha on the login, forgot password and comment forms.