Security Blocking bad or aggressive bots

deltahf · Mar 6, 2016

eva2000 said: ↑

Yeah bing webmaster tools is handy for that. Just rogue bots pretending to be bingbot won't observe the limits you place there so just remember that
Click to expand...

Interesting point, I had not thought about that. Are Googlebot imposters not an issue as well?

eva2000 · Mar 6, 2016

deltahf said: ↑

Interesting point, I had not thought about that. Are Googlebot imposters not an issue as well?
Click to expand...

Yeah that MAYBE an issue too. I have much more extensive nginx block/rate limiting method for google and bingbot imposters. But can use more resources as it involves using nginx and geoip nginx module to analyse and monitor the entire ip address/ASN ranges for both google and bing/microsoft to allow only known ips belong to them through and rate limit or block the imposter bots which are coming from ips not known to be owned by google/bing/microsoft.

negative · Mar 7, 2016

I applied these configurations nginx.con and virtual hosts confs both but when i test the results:

PHP:

siege -b -c10 -r1 -A "GetWeb" http://www.domain.com ** SIEGE 3.1.0 ** Preparing 10 concurrent users for battle. The server is now under siege... HTTP/1.1 520 0.26 secs: 5395 bytes ==> GET / HTTP/1.1 520 0.26 secs: 5395 bytes ==> GET / HTTP/1.1 520 0.27 secs: 5395 bytes ==> GET / HTTP/1.1 520 0.27 secs: 5395 bytes ==> GET / HTTP/1.1 520 0.27 secs: 5395 bytes ==> GET / HTTP/1.1 520 0.27 secs: 5395 bytes ==> GET / HTTP/1.1 520 0.28 secs: 5395 bytes ==> GET / HTTP/1.1 520 0.31 secs: 5395 bytes ==> GET / HTTP/1.1 520 0.34 secs: 5395 bytes ==> GET / HTTP/1.1 520 0.35 secs: 5395 bytes ==> GET / done. Transactions: 10 hits Availability: 100.00 % Elapsed time: 0.35 secs Data transferred: 0.05 MB Response time: 0.29 secs Transaction rate: 28.57 trans/sec Throughput: 0.15 MB/sec Concurrency: 8.23 Successful transactions: 0 Failed transactions: 0 Longest transaction: 0.35 Shortest transaction: 0.00

It gives 520 Errors, not 444? I ' m using cloudflare, it may related with that?

BTW: "Cliqzbot", "MegaIndex.ru" and "Yahoo! Slurp" are coming one of the top list user_agents for me.
I will add the yahoo bot to whitelisted as 1 and "Cliqzbot" and "MegaIndex.ru" will be 3 of course.

eva2000 · Mar 7, 2016

yeah sounds like 520 is a cloudflare error status code Error 520: Web server is returning an unknown error – CloudFlare Support

Overview

The 520 error is essentially a “catch-all” response for when the origin server returns something unexpected or something that is not tolerated/interpreted (protocol violation or empty response).

While the 520 error can be triggered by very unique and strange edge-case scenarios, they are generally caused by:

Connection resets (following a successful TCP handshake)

Headers exceed CloudFlare’s header size limit

Empty response from origin

Invalid HTTP response

HTTP response missing response headers

If any of these conditions above can be confirmed from the webserver hosting the site, then it is recommended to consult with the host provider for assistance with the webserver configuration to avoid further interruption and errors.
Click to expand...

nginx 444 gives empty response so matchings what triggers cloudflare 520 so normal

negative · Mar 7, 2016

Added these bots;

"~*Pixray" 3;
"~*MegaIndex.ru" 3;
"~*Cliqzbot" 3;
# bots whitelisted
"~*Googlebot" 1;
"~*bingbot" 1;
"~*Yahoo!\ Slurp" 1;

eva2000 · Mar 8, 2016

nice i updated 1st post with megaindex.ru and cliqzbot block and added yahoo to whitelist

eva2000 · Mar 28, 2016

so how's everyones experiments with the 1st post outlined bad bot rate limiting/blocking configurations ?

more tests please so can polish it for inclusion into 123.09beta01 config setups

deltahf · Mar 28, 2016

It's been working great for me.

pamamolf · Mar 28, 2016

Working great for me also

Jimmy · Mar 28, 2016

What about passive aggressive bots?

negative · Mar 28, 2016

I have no negative performance issue yet. So it looks good.

Btw I moved the YandexBot to whitelist as "1" i think it is important searchbot after google, bing, yahoo so we shouldn't filter it.

eva2000 · Mar 28, 2016

deltahf said: ↑

It's been working great for me.
Click to expand...

great

pamamolf said: ↑

Working great for me also
Click to expand...

thanks for confirmation

Jimmy said: ↑

What about passive aggressive bots?
Click to expand...

define passive aggressive bots ?

negative said: ↑

I have no negative performance issue yet. So it looks good.

Btw I moved the YandexBot to whitelist as "1" i think it is important searchbot after google, bing, yahoo so we shouldn't filter it.
Click to expand...

indeed the forums suddenly got more Russian vistors after yandex visited it this past week. I still have it set to 2 for rate limiting though

Jimmy · Mar 29, 2016

eva2000 said: ↑

define passive aggressive bots ?
Click to expand...

I can't, it was just a joke. Little bot humor.

eva2000 · Mar 29, 2016

Jimmy said: ↑

I can't, it was just a joke. Little bot humor.
Click to expand...

good one

pamamolf · Mar 29, 2016

I keep also yandex limited !

eva2000 · Apr 7, 2016

wow layer 7 DDOS Attack at 8.6Gbps masked as a fake baidu bot New Record Set for Layer 7 DDoS Attacks by Nitol Botnet ! So definitely my bad bot rate limiting/blocking in 1st post setup is useful

Jimmy · Apr 9, 2016

eva2000 said: ↑

wow layer 7 DDOS Attack at 8.6Gbps masked as a fake baidu bot New Record Set for Layer 7 DDoS Attacks by Nitol Botnet ! So definitely my bad bot rate limiting/blocking in 1st post setup is useful
Click to expand...

The author and I follow each other on Twitter. He's got some of the best articles... worth a follow. https://twitter.com/campuscodi

eva2000 · Apr 11, 2016

Found another source for bad bot listing to utilise Blacklist Bot/Crawler Types for Websites | Myip.ms

updated 1st post bot list with a few more additions at Beta Branch - update botlimit.conf bad bot list | Centmin Mod Community

eva2000 · Apr 16, 2016

Bad bot blocking put to good use in WordPress pingback attacks Was community.centminmod down? | Centmin Mod Community

Revenge · Aug 9, 2016

I just received a massive flood(really massive), hitting random links at my site and with the following User Agent: "Pcore-HTTP/v0.24.5"

I blocked it with a 444 response code and it resolved the issue.

Does anyone know this user agent?

Log in / Register

Forums

Want to subscribe to topics you're interested in?

Security Blocking bad or aggressive bots

deltahf Premium Member Premium Member

eva2000 Administrator Staff Member

negative Active Member

eva2000 Administrator Staff Member

negative Active Member

eva2000 Administrator Staff Member

eva2000 Administrator Staff Member

deltahf Premium Member Premium Member

pamamolf Premium Member Premium Member

Jimmy Well-Known Member

negative Active Member

eva2000 Administrator Staff Member

Jimmy Well-Known Member

eva2000 Administrator Staff Member

pamamolf Premium Member Premium Member

eva2000 Administrator Staff Member

Jimmy Well-Known Member

eva2000 Administrator Staff Member

eva2000 Administrator Staff Member

Revenge Active Member

.

Log in / Register

Useful Searches

Want to subscribe to topics you're interested in?

Security Blocking bad or aggressive bots

deltahf Premium Member Premium Member

eva2000 Administrator Staff Member

negative Active Member

eva2000 Administrator Staff Member

negative Active Member

eva2000 Administrator Staff Member

eva2000 Administrator Staff Member

deltahf Premium Member Premium Member

pamamolf Premium Member Premium Member

Jimmy Well-Known Member

negative Active Member

eva2000 Administrator Staff Member

Jimmy Well-Known Member

eva2000 Administrator Staff Member

pamamolf Premium Member Premium Member

eva2000 Administrator Staff Member

Jimmy Well-Known Member

eva2000 Administrator Staff Member

eva2000 Administrator Staff Member

Revenge Active Member

.