Block Bad Bots with .HTACCESS

[Administrator]

NOTE:- Updated to the latest code 12-02-25

Bad Bots can use up your bandwidth, and in the worst case crash your forum through overusing your resources. Back in 2014 I had an attack from one bot which resulted in the following.

From the beginning of the month up until mid day today there are 209499 lines in the log. The first instance of this crawler was at line 106496 and lasted for the next 101750 lines. Thats 101750 hits in about 14 hours. A continuous 10 hits a second for 14 hours. All from the same ip.

No wonder the servers resources were overloaded.

Using a bad bot blocking code in your .htaccess can help reduce this. There are 2 files attached, each contain the same Bad Bot Blocking code, but in different formats depending on how you intend to implement them.

The first is for non SSL sites, the second has the following SSL redirect which will redirect all HTTP requests to HTTPS and is only for use on HTTPS sites. They are a direct replacement for the default phpBB .htaccess and include all of the phpBB .htaccess data. Just download, unzip and replace the .htaccess on your site with the relevant one.

Code: Select all

RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R,L]

.HTACCESS_NO_SSL.zip

.HTACCESS_SSL.zip

I have made a few edits to Jeff Starr's code to block other bandwidth intensive bots and to make it more compatible with your phpBB installation. You are fee to make additional changes if you so with.


This Bad Bot Blocking .htaccess code is based on the one created by Jeff Starr and copyrighted to him. It is used with permission. Source Files It is an Open Source project

[Administrator]

First post updated with a better way to block Bad Bots. You can update from the previous version by downloading, unzipping and uploading the relevant .htaccess file above.

[Administrator]

Updated to the latest version of Jeff Stars Bot Blocking code

[Administrator]

NOTE:- this is compatible with the latest 8G code in the first post

Jeff has written an ad on that blocks 90%+ of aggressive scanners. Simply add this code on a new line at the end of your .HTACCESS file, and then purge your boards cache.

Code: Select all

# 7G Addon: Stop Aggressive Scanning for Uploads-Related Targets
# https://perishablepress.com/stop-aggressive-scanning-uploads/
<IfModule mod_rewrite.c>
	
	RewriteCond %{REQUEST_URI} (_timthumb_|timthumb.php) [NC,OR]
	RewriteCond %{REQUEST_URI} /(install|wp-config|xmlrpc)\.php [NC,OR]
	RewriteCond %{REQUEST_URI} /(uploadify|uploadbg|up__uzegp)\.php [NC,OR]
	RewriteCond %{REQUEST_URI} /(comm\.js|mysql-date-function|simplebootadmin|vuln\.htm|www\.root\.) [NC,OR]
	RewriteCond %{REQUEST_URI} /(admin-uploadify|fileupload|jquery-file-upload|upload_file|upload|uploadify|webforms)/ [NC,OR]
	RewriteCond %{REQUEST_URI} /(ajax_pluginconf|apikey|connector(.minimal)?|eval-stdin|f0x|login|router|setup-config|sssp|vuln|xattacker)\.php [NC]
	
	RewriteRule .* - [F,L]
	
</IfModule>

[Administrator]

First post updated to the latest 7G version

[Administrator]

First post updated to the new 8G version

[Administrator]

Updated. See first post to download the latest version