How to Block a Bot Attack
Your server may experience heavy hits from bots. Here are three different examples of bot attacks and how to block them.
Example 1: "BUbiNG" bot
“BUbiNG” bot BUbiNG can cause a massive load spike in the server. To prevent further problems, we can deny that user agent globally.
An easy solution is to use a rewrite rule to detect the user agent, and then set environment with the action [E=blockbot]
. This will drop the direct connection from that client IP.
Add the following to the .htaccess
of your example.com
domain:
RewriteEngine On RewriteCond %{HTTP_USER_AGENT} "BUbiNG" RewriteRule .* - [E=blockbot:1]
To verify, you can run:
curl -A "BUbiNG" example.com
If your rules need further debugging, you can enable the rewrite log for more details.
Example 2: "xmlrpc.php" Bot
On a server, after configuring cPanel Piped Logging to push entries to /usr/local/apache/logs/error_log
, you can see many 404 File not found [/var/www/html/xmlrpc.php]
entries coming through. 404 will not trigger the LSWS WordPress protection feature, because the requests look like they're being processed by the default vhost.
Locate the virtual host serving the requests, and add a vhost-level rewrite rule to drop the connection using [E=blockbot]
.
RewriteRule ^/xmlrpc.php - [E=blockbot:1]
Note: Do not apply the above at the server level since it will block everyone accessing xmlrpc.php
globally.
Example 3: Cookie Bots
If the bots are cookie related, you can also try something like the following and tailor it to what you need.
RewriteCond %{HTTP_COOKIE} yourcookiename RewriteRule .* - [F]