With Bitninja server firewall activated, a website server is automatically protected against servers against the most aggressive bots, spiders, and hacker attacks. This is achieved by blacklisting origin IP addresses that are found to be guilty in due course.
For Ezoic users, many end up having their website visitors falling victims due to server security. Since Ezoic integration via CloudFlare or nameservers makes all traffic come from a set of Ezoic owned IP addresses, Bitninja sees them like bot traffic and thus triggering the server security or even blacklisting them.
If you have Bitninja server security activated on your website and experiencing a traffic decline, you might want to confirm the cause and also implement some simple solutions to deal with the blacklist security issue. Below are the 4 ways you can try to solve Bitninja’s server security.
4 ways to deal with Bitninja server security blacklist
- Whitelist Ezoic’s IP address in the app
- Set up User Agent Authentication and X-Forwarded-For Header
- Disable the security app from your host
- Move to a different host
Whitelist Ezoic’s IP address in the app
If you are able to list all of Ezoic’s IP addresses, then you can whitelist all of them from within the security application. Whitelisting those IPs will prevent your website, visitors, from being looked at as bots. This will allow them to access the website without being blocked.
Set up User Agent Authentication and X-Forwarded-For Header
User-agent authentication allows your web host to identify ezoic requests and thus allow them. On the other hand, X-Forwarded-For Header will help forward the real IP of the visitor. You can check this article for a full guide.
Disable the security app from your host
If all of the above seem not to help you out, the other solution to have it solved is disabling the security application from your host. Disabling it will mean no intervention of traffic to your domain though you may suffer from other bot and hacker attacks.
Move to a different host
Switching to a different host should be your last resort. This is only applicable in situations when your host isn’t working it out with you or completely fails to respond to your queries. Instead of losing your traffic, going for a listening host might help you out. But remember, you need money to pay for the services.
Ezoic do not have fix ip addresses, nor PTR records.
User agent authenication is useless :/ Bots often use fake headers, and there is no validation for it.
The best way to avoid issues, is to turn off the content caching in Ezoic, since they cache everything including Your admin panel, and can serve it to unauthorized visitors.