Support

Admin Tools

#14513 Best way to block content-spambots when target URL is known

Posted in ‘Admin Tools for Joomla! 4 & 5’
This is a public ticket

Everybody will be able to see its contents. Do not include usernames, passwords or any other sensitive information.

Environment Information

Joomla! version
n/a
PHP version
n/a
Admin Tools version
n/a

Latest post by nicholas on Wednesday, 02 January 2013 11:49 CST

Wednesday, 02 January 2013 11:03 CST

user28652

Mandatory information about my setup:

Have I read the related troubleshooter articles above before posting (which pages?)? Yes
Have I searched the tickets before posting? Yes
Have I read the documentation before posting (which pages?)? Yes
Joomla! version: 2.5.8
PHP version: 5.3.17
MySQL version: 5.5.28
Host: Rochen
Admin Tools version: 2.4.4

Description of my issue:

Greetings Nicholas,

Question re: the best way to block bad bot content-spammer traffic
using AT Pro: In my site's case, a forum script that we once ran
attracted content spammers who could exploit the old script. 2+ years
ago, we switched to Joomla! and now use Kunena. The old forum script
was at: sitename/forums. Kunena is now at sitename/forum. Any
legitimate (human) traffic has long since moved to /forum. Yet we still
get 1,000 bots/day coming to /forums. AT Pro and HTTP:BL handle all
these. But is there a more elegant (specifically, less cpu and bandwidth
intensive) method that we can employ utilising AT Pro's tools, knowing that anything coming to sitename/forums is a conent-spamming bot that needs to be blocked?

Notes: We can't block their IP addresses, because they
come from everywhere. But we know the URL they are targeting:
sitename/forums/[various exploit-intenting command strings]. Finally, there is nothing at sitename/forums - not even an empty directory.

Thank you, -- Dave

Wednesday, 02 January 2013 11:12 CST

nicholas

Hello Dave,

I would actually go with a .htaccess solution. The idea is that the .htaccess is one of the first things that gets parsed when a request is being handled by the Apache web server. This happens long before PHP loads, Joomla! does its relatively time consuming boot up and Admin Tools fires. With thousands of hits per day the .htaccess solution will probably lighten the server load considerably, even to the point of being "felt" i.e. the server becoming a bit faster.

The super easy way to do it - and certainly not the only one - is creating a directory called forums in your site's root and putting this .htaccess file in there:

order deny, allow
deny from all
allow from none

Now the spam bots will get an immediate HTTP 403 (Forbidden) reply, without wasting much resources on your server.

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Wednesday, 02 January 2013 11:41 CST

user28652

Nicholas,

Excellent!

Thank you, -- Dave

Wednesday, 02 January 2013 11:49 CST

nicholas

You're welcome, Dave!

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Support Information

Working hours: We are open Monday to Friday, 9am to 7pm Cyprus timezone (EET / EEST). Support is provided by the same developers writing the software, all of which live in Europe. You can still file tickets outside of our working hours, but we cannot respond to them until we're back at the office.

Support policy: We would like to kindly inform you that when using our support you have already agreed to the Support Policy which is part of our Terms of Service. Thank you for your understanding and for helping us help you!