- This topic is empty.
-
AuthorPosts
-
June 30, 2006 at 11:15 pm #595238AnonymousInactive
I have just now learned how to check my logs for malicious bots and I found this bot
“Syntryx ANT Scout Chassis Pheromone”
I did a search on google using the above text and this website xxhttp://www.kloth.net says this may be a malicious bot.
Again, I am new to the whole concept of checking your logs, so I was hoping those of you more experienced can possibly walk us through the steps you take when you notice an unfamiliar bot visiting your site.
For example—-
1. Do search for “malicious agent found”
2. Confirm bot is malicious
3. Deny bot using your htaccess file using this codeEven if the above agent is malicious, I am unclear as to what I need to add to my htaccess file to block it. I just want to make sure I am doing all I can to keep these thieves out of my content.
Also, if I am not mistaken wager2uk was kind enough to provide us with a list of malicious bots and softwares to block from your website. I wonder if maybe it would be a good idea to make a pinned thread that we could constantly add to so everyone could take advantage of blocking it when one of us finds a malicious bot or software visiting. I think it would be a great way for us to cover more territory instead of relying just on your own findings. Any thoughts?
July 1, 2006 at 12:14 am #697234AnonymousInactiveIn your .htaccess file:
order allow,deny
deny from 000.00.00.00 (put ip of bot there)
allow from allI have seen this one as well and believe it to be malicious.
July 1, 2006 at 1:00 am #697238AnonymousInactiveI also came across this one
psycheclone ip = 208.66.195.2
If I am not mistaken occ, these spam bots originate from many different ips so the move would be to block the user agent instead of the ip. I think it is done this way but correct me if I am wrong.
RewriteCond %{HTTP_USER_AGENT} ^psycheclone [OR]
Also, I am updating my list and am blocking all ips from israel, china, russia, and turkey. I will be happy to share once I am done with it, should be a few hours as it is a lot of cutting and pasting.
July 1, 2006 at 1:38 am #697240AnonymousInactiveSorry guys, I saw another thread with the same subject first and made it sticky.
It’s here:
http://www.casinoaffiliateprograms.com/bb/malicious-bots-list.12757.html?
July 1, 2006 at 1:58 am #697242AnonymousInactiveDon’t get too hung up over a bot issue. Block one bot they will just create another one. Be viligant over who is accessing your site, keep a record if need be. Try this, type that IP right into google see what you find. greek39
July 1, 2006 at 2:09 am #697244AnonymousInactiveBetter yet type in that IP wihtn quotations then add bot.
ex: “208.66.195.2”bot
July 1, 2006 at 2:32 am #697245AnonymousInactiveI have found a script at xxwww.fixingtheweb.com which appears to block an entire country as dictated by you. This sure beats manually putting in all the ip ranges for a specific country which is what I am doing now and it is taking for ever. There are over 1200 ip ranges just for russia alone. Could be very useful if you know what you are doing.
I have also been reading a little on setting spider traps which will block malicious spiders that don’t obey your robots file. But again, this is down the road for me as one minor mistake and you block google and your up the creek. I will feel good when I have my htaccess file blocking the main countries known for spam. At least it is a start.
July 1, 2006 at 2:43 am #697246AnonymousInactiveBonusgeek a good effort no question. I must remain reserverd on this matter because these malcious people like hanging around here. But I can offer you this scenerio, as something to think about. Not all IP from Israel come directly to North America. I have seen some go from Israel to Holland to Germany to Japan back to Holland then North America. By the time it hit North America the IP is so flipped so many times its becomes tuff to distiquish what it is.
Blocking the IP is perhaps a good move, but this will not stop serp scraping.
The IP you had mentioned is malcious and dangerous. greek39July 1, 2006 at 3:26 am #697247AnonymousInactiveBonusgeek wrote:I also came across this onepsycheclone ip = 208.66.195.2
If I am not mistaken occ, these spam bots originate from many different ips so the move would be to block the user agent instead of the ip. I think it is done this way but correct me if I am wrong.
RewriteCond %{HTTP_USER_AGENT} ^psycheclone [OR]
Also, I am updating my list and am blocking all ips from israel, china, russia, and turkey. I will be happy to share once I am done with it, should be a few hours as it is a lot of cutting and pasting.
I simply block each ip as I see them. As per your post, bonus geek, I do think that blocking the user agent is also effective. Perhaps both is a better way? Then again… what greek said is true, they will just create others… OH THE AGONY :roflmao:
-
AuthorPosts