[Owasp-modsecurity-core-rule-set] Blocking Bad Bots (Semrush, Majestic, Slurp)

Walter Hop modsec at spam.lifeforms.nl
Sat Mar 12 16:08:38 UTC 2016


Hi Lorne,

I haven’t used the cPanel interface myself, but if you are able to add to your webserver configuration (httpd.conf), you can add a statement like the following:

SecRule REQUEST_HEADERS:User-Agent "(semrush|majestic|slurp)" \
    "id:123456,phase:1,t:none,t:lowercase,block,tag:BOT,msg:'Bad bot blocked'"

This will block any requests from someone with semrush, majestic or slurp in the User-Agent header. (The rule id must be unique, I’ve used 123456 as an example.)

If you would prefer doing this from cPanel itself, it’s probably best to ask this on the cPanel forums.

Good luck!
WH

> On 12 Mar 2016, at 16:21, Lorne Wanamaker <feldan1 at gmail.com> wrote:
> 
> Hi All,
> 
> Having some issues with the bots listed above hammering sites on my cpanel server. Here is a sample:
> 
> 2016-03-11 18:35:12.670 [INFO] [162.158.35.73:19363 <http://162.158.35.73:19363/>] File not found [/usr/local/apache/htdocs/show/dance-moms]
> 
> There are 1000's of these a day simply searching for stuff that does not exist.
> 
> I do have oswap running on this server but I cannot find the way to block these bots. In the plugin I see you can add blocked agents, but I am not sure on the format to add to this box or if it is indeed the right place to add to in order to block these bots.
> 
> Thanks for any help!
> 
> Regards,
> Lorne
> _______________________________________________
> Owasp-modsecurity-core-rule-set mailing list
> Owasp-modsecurity-core-rule-set at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-modsecurity-core-rule-set/attachments/20160312/a7487019/attachment.html>


More information about the Owasp-modsecurity-core-rule-set mailing list