It is currently Tue Jun 19, 2018 4:01 am


Unwanted bots on a board

Discuss security related topics in here (Hacking, Cracking, and Protecting)
Do not post HJT Logs here

Moderator: PCguy

Unwanted bots on a board

Postby Polarbear » Tue Jul 03, 2012 1:51 pm

I am running a php board, plasticmodelsplus.ca. Recently we have been seeing large numbers of guests in at the same time, all coming from the same IP strings. We have tried the "disallow" script in the bot text in the root and they still get in. We then tried creating an htaccess file and put a script in there. They still get in. We don't mind some bots, the main ones, google, bing, yahoo or anything that deals with education. But the nasty ones, I won't mention the names so as not to promote them seem not to understand the word "NO". I will say the IP strings start with 212, 213, 150 and I forget the last one. Is there another way to deal with these? Be nice to defeat them for once.

Cheers
Daniel
User avatar
Polarbear
Newbie
Newbie
 
Posts: 11
Joined: Tue Jul 03, 2012 12:52 am

Thanks given:2
Thanks received:0
Top

Re: Unwanted bots on a board

Postby Gecko » Tue Jul 03, 2012 3:01 pm

There is more than one way to use an htaccess file to ban an ip or ip range.
Do you know what "script" was used?
User avatar
Gecko
Super Moderator
Super Moderator
 
Posts: 5209
Joined: Thu Oct 25, 2001 1:00 am
Location: Florida, USA

Thanks given:1
Thanks received:23
Top

Re: Unwanted bots on a board

Postby Polarbear » Tue Jul 03, 2012 4:41 pm

Good to see you Gecko.

I am not sure if I am allowed to post this but here was an email from my server and the script used. His reference to "persistent one" is one of the bots. One of my questions to him after this was can you wildcard using "*" or do you require separating ip's by comma. All I know is we would like to run a clean site, no monkey wrenches thrown in. Any help would be appreciated.

Hi Daniel,

This is definitely a persistent one.

Here is info from the link you provided me on how to block a specific IP:

# permanently redirect specific IP request for entire site
Options +FollowSymlinks
RewriteEngine on
RewriteCond %{REMOTE_HOST} 77\.88\.26\.27 #Replace this IP with the IP that you want to block
RewriteRule \.shtml$ http://www.youtube.com/watch?v=oHg5SJYRHA0 [R=301,L]

This script would need to be added to the .htaccess file

I have already added script to block 213.186.127.11

You need to have your administrator add any other IP's that need to be blocked.

This is a nasty way to block someone, but they diserve it if they are gobbling up your bandwidth.

Cheers
Daniel
User avatar
Polarbear
Newbie
Newbie
 
Posts: 11
Joined: Tue Jul 03, 2012 12:52 am

Thanks given:2
Thanks received:0
Top

Re: Unwanted bots on a board

Postby Gecko » Wed Jul 04, 2012 2:07 pm

Daniel,

That script will only work if rewrite is enabled in PHP on your server and the IP is formatted correctly in the script.

If rewrite is not enabled then you can use the following in an .htaccess file:
order allow,deny
allow from all
deny from 213.186.127.11

What I have been using for php based sites now is ZbBlock:
http://www.spambotsecurity.com/zbblock.php

Who said thanks: Polarbear (Wed Jul 04, 2012 3:08 pm)
User avatar
Gecko
Super Moderator
Super Moderator
 
Posts: 5209
Joined: Thu Oct 25, 2001 1:00 am
Location: Florida, USA

Thanks given:1
Thanks received:23
Top

Re: Unwanted bots on a board

Postby Polarbear » Wed Jul 04, 2012 3:12 pm

Very good read Gecko, thank you. It seems the script we added is working. We wildcarded the 213 ip. Havent seen them back yet. I am passing the info you provided on to my right hand man. This is something he had never dealt with before so we are both learning. Plasticmodelsplus is a nice little site. Just a few guys building models and taking pictures as they go. Build logs. I started a wooden kit yesterday of the Bluenose. Canada's most famous schooner. Going to be fun.

Cheers
Daniel
User avatar
Polarbear
Newbie
Newbie
 
Posts: 11
Joined: Tue Jul 03, 2012 12:52 am

Thanks given:2
Thanks received:0
Top

Re: Unwanted bots on a board

Postby Gecko » Sat Jul 07, 2012 4:42 pm

Glad you got it sorted out.

The latest bots I've been fighting are Microsoft's adidxbot and bingbot.
They took over one of my shopping cart sites and maxed out the allocated CPU usage, at least they mind the robots.txt file.
User avatar
Gecko
Super Moderator
Super Moderator
 
Posts: 5209
Joined: Thu Oct 25, 2001 1:00 am
Location: Florida, USA

Thanks given:1
Thanks received:23
Top

Re: Unwanted bots on a board

Postby Polarbear » Fri Aug 10, 2012 2:25 pm

Gecko. Bots have slowed down a bit. With that zblock you mentioned do you just copy and paste all the code they have at the bottom of the page? If so where do I paste it to? I personally dont do a lot of the background stuff on the site. Mostly stick to building kits. My tech guy seems to have gone missing in action lately. Guess he is busy building sites.

Cheers
Daniel
User avatar
Polarbear
Newbie
Newbie
 
Posts: 11
Joined: Tue Jul 03, 2012 12:52 am

Thanks given:2
Thanks received:0
Top

Re: Unwanted bots on a board

Postby Gecko » Fri Aug 10, 2012 3:18 pm

Polarbear,

Included with the Zbblock download is a file call docs.txt this is where the install instructions are.
Although I should warn you that it's more than just pasting a line of code and no it's not the one you referenced.
There is an install that needs to be run first and you will have to know your database's credentials (name, login, password).

Once the install is finished the install setup will give you the exact line of code (hook) that needs to be pasted into a file.
This code needs to be the first line of code in the appropriate file for you board.
Depending on what bulletin board you are running will depend on what file has to be altered.

PhpBB: Add ZB Hook code to common.php in the root directory.
Vbulletin: Add ZB Hook code to global.php in root of forum folder.

Hope this helps
Gecko
User avatar
Gecko
Super Moderator
Super Moderator
 
Posts: 5209
Joined: Thu Oct 25, 2001 1:00 am
Location: Florida, USA

Thanks given:1
Thanks received:23
Top

Re: Unwanted bots on a board

Postby Polarbear » Fri Aug 10, 2012 3:44 pm

Thanks Gecko. I know how to access the database but from what I see from you it is way over my head. We are using php. Guess I can just ride it out for a while and see what happens. Seems I'm not as bright as I used to be. Maybe getting older has something to do with it. :lol:
User avatar
Polarbear
Newbie
Newbie
 
Posts: 11
Joined: Tue Jul 03, 2012 12:52 am

Thanks given:2
Thanks received:0
Top

Re: Unwanted bots on a board

Postby Gecko » Fri Aug 10, 2012 5:10 pm

Polarbear wrote:Seems I'm not as bright as I used to be. Maybe getting older has something to do with it. :lol:

Speak for yourself, the older I get the the more I know, the mind's still sharp, it's the body that shows it's age.

If you know the IP of the bots you can add them to your .htaccess file by copying and pasting the line:
RewriteCond %{REMOTE_HOST} 77\.88\.26\.27
Replace the numbers with the new IP you want to ban.

Who said thanks: Polarbear (Fri Aug 10, 2012 5:46 pm)
User avatar
Gecko
Super Moderator
Super Moderator
 
Posts: 5209
Joined: Thu Oct 25, 2001 1:00 am
Location: Florida, USA

Thanks given:1
Thanks received:23
Top

Re: Unwanted bots on a board

Postby Polarbear » Fri Aug 10, 2012 5:48 pm

One thing we did try was in the spiders and bots in the ACP, we added and then deactivated. Would that work too?
User avatar
Polarbear
Newbie
Newbie
 
Posts: 11
Joined: Tue Jul 03, 2012 12:52 am

Thanks given:2
Thanks received:0
Top

Re: Unwanted bots on a board

Postby Gecko » Sun Aug 12, 2012 3:45 pm

I really could not answer that one, the only board I help run is this one anymore. So I have not stayed current with the new releases.
Sounds like it could be what you need but I would have to really look into it before giving advice.
User avatar
Gecko
Super Moderator
Super Moderator
 
Posts: 5209
Joined: Thu Oct 25, 2001 1:00 am
Location: Florida, USA

Thanks given:1
Thanks received:23
Top


Return to Security

Who is online

Users browsing this forum: No registered users and 1 guest

cron