General Discussions

**neorunner** · 04-12-2007, 05:08 PM

I have bots wreaking havoc on my site the last few days. They come looking for login pages and forms. They are also doing something where they attempt sending a GET command to jpager.yahoo.com using a url string that has a username and a password. My guess is they are trying to hack some yahoo accounts.

How do I stop these bastards? They are sucking up my bandwidth, and all the hits slow down my server.

I know there are bot traps out there, but these bots are just doing requesting random words as directories and random words.php as the file name. I don't know of a bot trap that can handle that.

**ADAM Web Design** · 04-12-2007, 05:26 PM

Well, if they're interpreting random stuff that only bots interpret, you can detect the activity and/or their IPs and redirect them to somewhere nasty accordingly.

**ForrestCroce** · 04-12-2007, 05:26 PM

Are you seeing a lot of 404 traffic from the random words.php requests?

The first thing you want to do is get the user-agent string they're running under from your logs, and ban that in your robots.txt file; this only works on polite 'bots, though.

Are all of the requests coming from the same IP address? It depends what type of web server you're using how you would block that, I'm guessing you have a .htaccess file you can do quite a bit with if people are looking for PHP on your site? If there's a consistent IP, referrer, or some other pattern, the good folks here will help you figure out how to ban them.

Simply banning access would be a lot better than running a 'bot trap. The theory behind traps is to make the 'bot less productive by wasting its time and bandwidth ... that also wastes yours.