General Question about how to handle spam IPs and bots

Our site gets around 20k-60k visitors per month, we have a multisite set-up with ~70 paid blogs.

Our hosting company keeps telling us that our requests on their server keep going up, and now we are over 10,000,000 per month. They have moved us to our own cloud server set-up. We pay $400/mo now. But they keep telling us that our requests are going up, however our legit traffic (as told by Google Analytics and Quantcast) is not.

If we are really getting 10,000,000 requests, can't we block the spam bots that seem to be causing it?
There must be someway to restrict access from the ones causing all of the issues.

How many requests should be expected with 20k-60k visitors?

They sent us this email regarding the situation:

Here is what our security team says about blocking the IPs:

That's a rather complicated issue. If they are targeted spam he's not likely to see a long term drop off in spam even if we do block the IP addresses, though it will probably help in the short term. We can block a specific block of IP addresses at the firewall, but that would cause issues for any other customers you have that are on the same virtual hosts, and is probably a bad idea overall. Whitelisting just the US, CA, etc isn't feasible at all as there isn't a unified list of IP addresses from just here, and even if there was it wouldn't work since many spammers use proxies that would bypass, and network space is constantly reallocated.

Just to give you an idea of how difficult it would be to block just Romania there are 1627 subnets assigned to RO, which includes 11,332,441 individual IP addresses. If I were to try and determine how many the US/CA/etc had it would be nearly impossible :slight_smile:.

and ...

There's a few solutions you might consider to get rid of bad-guys in a situation like this.

1. put a CAPTCHA in front of registration
2. Lock down wp-login.php/wp-cron.php/etc with htaccess or other rules so only your client can access them.
3. Continuously block IPs as they come up, but this is a very short term solution, and labor intensive.
4. Block all of RO, which is a slightly longer term solution, but won't work for many of your customers. (see attached file for all assigned Romanian networks).

Any help is appreciated..