mouse25 Posted May 7, 2003
Hope I'm in the right place for this. I was just looking over the 'browsers' section in AWStats and noticed one called Teleport Pro, which is apparently an offline browser. Well, it looks like it downloaded my entire site - all 18,000+ pages of it!! That's 16.5% of my traffic and bandwidth. I do not like this idea at all, not one bit. Is there any way to keep it out?? Thanks, any help on this will be greatly appreciated. I probably do know how to do this but I'm a bit too freaked to think about it clearly. - Ty
TCH-Rick Posted May 7, 2003
If you look at Latest Visitors in AWStats you may see that one IP was responsible. If so, you could try adding an IP block on that address to keep him out. Send me a PM if you want me to look into it.
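For reference, a simple per-IP block of the kind Rick suggests can go straight into .htaccess; a minimal sketch (the address below is a placeholder, not the actual offender's IP):

# deny a single troublesome address, allow everyone else
order allow,deny
deny from 203.0.113.45
allow from all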
TCH-JimE Posted May 7, 2003
Teleport Pro is nearly impossible to block because it literally acts like a browser - it's a robot imitating an ordinary visitor. The best way to handle this is to use an IP block if it occurs again. Jim
TCH-JimE Posted May 7, 2003
Having said that, a quick Google gives these links: http://www.webmasterworld.com/forum13/1823.htm http://www.webmasterworld.com/forum11/1707.htm http://www.phpfreaks.com/quickcode/Block_L..._Content/46.php I am unsure if any of these will work, but good luck and let us know how you do. Jim
mouse25 Posted May 7, 2003 (Author)
Thanks, I hadn't seen the PHP one before. I've never worked with either MySQL or PHP but I'll try. I did block the IP, but it's like closing the barn doors after the horse. B*****rds got all 18,000 pages of my archives. Ty
TCH-JimE Posted May 7, 2003
Having had a look around: since it's a bot, you could rewrite your robots.txt file: http://www.robotstxt.org/wc/faq.html#robotstxt Jim
boxturt Posted May 8, 2003
Thank you Jim for taking the extra time to look into this. I will certainly give it a try; I don't suppose it could hurt. - Ty
boxturt Posted May 10, 2003
I tried adding it to robots.txt:

User-agent: teleport
Disallow: /

and then I downloaded the free version of Teleport. Got right into my site. I tried it with the full name and version number as seen in my raw logs, and that didn't work either:

User-agent: Teleport Pro/1.29.1590
Disallow: /

(the freebie has a different version # so I changed it)..... SO....... I'm still looking for suggestions if anybody has any, please? Thanks, Ty
TCH-Andy Posted May 10, 2003
Boxturt, a useful link here: http://diveintomark.org/...block..._unwanted_robots - some of the suggestions there might be worth a try. Andy
boxturt Posted May 10, 2003
Thanks AndyB. This looks very promising, albeit a little scary for such a tiny turtle... -Ty
TCH-Andy Posted May 11, 2003
But with that nice safe shell to hide in, not a problem. I'm having a look at how to protect my site too; I'll let you know how I get on with my attempts, if I ever understand it all. Andy
TCH-Andy Posted May 11, 2003
I downloaded Teleport Pro to have a play, and the more I play, the less I like it. By default it impersonates Microsoft Internet Explorer - you can set the option to identify itself as Teleport, but who will? There is even an option to ignore the robots exclusion standard!!!!! I don't see a way that .htaccess can get round this without a little extra programming. My first thought is to use PHP to recognise when anyone is hitting my pages faster than, say, 10 pages/minute. It should let all the friendly bots through, but deny anyone trying to suck your pages dry. Anyone have any other suggestions? Andy
boxturt Posted May 11, 2003
I noticed that about the "disguises" as well. I still went ahead and put a list in my .htaccess file, but you're right, there's got to be a more efficient way. (snippet)

RewriteEngine On
RewriteCond %{HTTP_USER_AGENT} ^tAkeOut [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Teleport [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Vacuum [NC]
RewriteRule .* - [F]

stuckintheshell ty
TCH-Andy Posted May 11, 2003
For the benefit of others, I'll pass on what I've learnt about reading the .htaccess file:

RewriteEngine On
RewriteCond %{HTTP_USER_AGENT} ^tAkeOut [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Teleport [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Vacuum [NC]
RewriteRule .* - [F]

^ means anchored at the beginning of the string - i.e. in the first case the agent identifier (HTTP_USER_AGENT) starts with the letters tAkeOut.
[NC] means No Case - i.e. it is not case sensitive.
[OR] is a logical 'OR' - i.e. if the agent is takeout or teleport or vacuum, then the rule applies.
[F] means Forbidden - i.e. it returns a 403 Forbidden code to the client.

boxturt, if we tickle you under the chin do you come out of your shell? It used to work for my tortoise. Andy
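A quick way to verify rules like these is to request a page with a spoofed user agent from a shell and check the status code; for example (the domain is a placeholder):

curl -I -A "Teleport Pro/1.29.1590" http://www.example.com/

If the RewriteCond matches, the first line of the response should read HTTP/1.1 403 Forbidden; with a normal browser agent string, the page should load as usual.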
TCH-JimE Posted May 12, 2003
Hi, interesting - I had not updated to the new version; now I have, and I see further problems with it. I will have a think and see what I can come up with. Jim
matman Posted May 13, 2003
I think Andy's suggestion would work, but it would require either using sessions or referencing a DB on each hit to see how many hits have come from a specific user in a given amount of time. There's some performance hit there, but it would allow you to shut someone off via PHP - just serve them up a big fat nothing after the first ten pages they request in less than 15 seconds. If the problem "browser" doesn't honor cookies, I guess you'd have to use a DB as a work-around. I'll post sample code if anyone's interested.
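As a rough illustration of the session-based variant matman describes (a minimal sketch only - the file name, limits and variable names are illustrative, not his actual code, and as he notes, a ripper that ignores cookies will sail straight past it):

<?php
// ratelimit.php - include at the top of each page, before any output.
// Counts requests in the visitor's session and refuses to serve anything
// once they exceed $limit pages inside a $window-second window.
session_start();

$limit  = 10;   // pages allowed...
$window = 15;   // ...within this many seconds

$now = time();
if (!isset($_SESSION['hits']) || ($now - $_SESSION['start']) > $window) {
    // First hit, or the window has expired: start counting afresh.
    $_SESSION['start'] = $now;
    $_SESSION['hits']  = 0;
}
$_SESSION['hits']++;

if ($_SESSION['hits'] > $limit) {
    // Serve them up a big fat nothing.
    header('HTTP/1.0 403 Forbidden');
    exit;
}
?>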
boxturt Posted May 14, 2003
I sure would appreciate seeing some sample code. I'm still sitting here scratching my head over it. Thanks! -Ty
stoneage Posted May 14, 2003
Had this problem a while ago. Could not find an answer. Found several interesting opinions and attempts in here:
natimage Posted May 14, 2003

RewriteEngine On
RewriteCond %{HTTP_USER_AGENT} ^tAkeOut [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Teleport [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Vacuum [NC]
RewriteRule .* - [F]

I put this code in my .htaccess, right beneath my Options -Indexes directive. Is that where it should go? Thanks, Tracy
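(For what it's worth, that placement works - mod_rewrite directives just need to stay together as a group, and the group can follow other directives such as Options. An illustrative layout:)

Options -Indexes

RewriteEngine On
RewriteCond %{HTTP_USER_AGENT} ^Teleport [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Vacuum [NC]
RewriteRule .* - [F]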
TCH-JimE Posted May 14, 2003 Share Posted May 14, 2003 (edited) Hi, Here is a rather long list of ones that I now block. You will note google image bot is there and a few other bots, delete the lines you dont want! Please also note it does block some mozilla copies so you may wish to delete these too. >RewriteCond %{HTTP_USER_AGENT} ^Alexibot [OR] RewriteCond %{HTTP_USER_AGENT} ^asterias [OR] RewriteCond %{HTTP_USER_AGENT} ^BackDoorBot [OR] RewriteCond %{HTTP_USER_AGENT} ^Black.Hole [OR] RewriteCond %{HTTP_USER_AGENT} ^BlackWidow [OR] RewriteCond %{HTTP_USER_AGENT} ^BlowFish [OR] RewriteCond %{HTTP_USER_AGENT} ^BotALot [OR] RewriteCond %{HTTP_USER_AGENT} ^BuiltBotTough [OR] RewriteCond %{HTTP_USER_AGENT} ^Bullseye [OR] RewriteCond %{HTTP_USER_AGENT} ^BunnySlippers [OR] RewriteCond %{HTTP_USER_AGENT} ^Cegbfeieh [OR] RewriteCond %{HTTP_USER_AGENT} ^CheeseBot [OR] RewriteCond %{HTTP_USER_AGENT} ^CherryPicker [OR] RewriteCond %{HTTP_USER_AGENT} ^ChinaClaw [OR] RewriteCond %{HTTP_USER_AGENT} ^CopyRightCheck [OR] RewriteCond %{HTTP_USER_AGENT} ^cosmos [OR] RewriteCond %{HTTP_USER_AGENT} ^Crescent [OR] RewriteCond %{HTTP_USER_AGENT} ^Custo [OR] RewriteCond %{HTTP_USER_AGENT} ^DISCo [OR] RewriteCond %{HTTP_USER_AGENT} ^DittoSpyder [OR] RewriteCond %{HTTP_USER_AGENT} ^Download\ Demon [OR] RewriteCond %{HTTP_USER_AGENT} ^eCatch [OR] RewriteCond %{HTTP_USER_AGENT} ^EirGrabber [OR] RewriteCond %{HTTP_USER_AGENT} ^EmailCollector [OR] RewriteCond %{HTTP_USER_AGENT} ^EmailSiphon [OR] RewriteCond %{HTTP_USER_AGENT} ^EmailWolf [OR] RewriteCond %{HTTP_USER_AGENT} ^EroCrawler [OR] RewriteCond %{HTTP_USER_AGENT} ^Express\ WebPictures [OR] RewriteCond %{HTTP_USER_AGENT} ^ExtractorPro [OR] RewriteCond %{HTTP_USER_AGENT} ^EyeNetIE [OR] RewriteCond %{HTTP_USER_AGENT} ^FlashGet [OR] RewriteCond %{HTTP_USER_AGENT} ^Foobot [OR] RewriteCond %{HTTP_USER_AGENT} ^FrontPage [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^GetRight [OR] RewriteCond %{HTTP_USER_AGENT} ^GetWeb! 
[OR] RewriteCond %{HTTP_USER_AGENT} ^Go-Ahead-Got-It [OR] RewriteCond %{HTTP_USER_AGENT} ^Googlebot-Image [OR] RewriteCond %{HTTP_USER_AGENT} ^Go!Zilla [OR] RewriteCond %{HTTP_USER_AGENT} ^GrabNet [OR] RewriteCond %{HTTP_USER_AGENT} ^Grafula [OR] RewriteCond %{HTTP_USER_AGENT} ^Harvest [OR] RewriteCond %{HTTP_USER_AGENT} ^hloader [OR] RewriteCond %{HTTP_USER_AGENT} ^HMView [OR] RewriteCond %{HTTP_USER_AGENT} ^httplib [OR] RewriteCond %{HTTP_USER_AGENT} ^HTTrack [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^humanlinks [OR] RewriteCond %{HTTP_USER_AGENT} ^ia_archiver [OR] RewriteCond %{HTTP_USER_AGENT} ^Image\ Stripper [OR] RewriteCond %{HTTP_USER_AGENT} ^Image\ Sucker [OR] RewriteCond %{HTTP_USER_AGENT} ^Indy\ Library [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^InfoNaviRobot [OR] RewriteCond %{HTTP_USER_AGENT} ^InterGET [OR] RewriteCond %{HTTP_USER_AGENT} ^Internet\ Ninja [OR] RewriteCond %{HTTP_USER_AGENT} ^JennyBot [OR] RewriteCond %{HTTP_USER_AGENT} ^JetCar [OR] RewriteCond %{HTTP_USER_AGENT} ^JOC\ Web\ Spider [OR] RewriteCond %{HTTP_USER_AGENT} ^Kenjin.Spider [OR] RewriteCond %{HTTP_USER_AGENT} ^Keyword.Density [OR] RewriteCond %{HTTP_USER_AGENT} ^larbin [OR] RewriteCond %{HTTP_USER_AGENT} ^LeechFTP [OR] RewriteCond %{HTTP_USER_AGENT} ^LexiBot [OR] RewriteCond %{HTTP_USER_AGENT} ^libWeb/clsHTTP [OR] RewriteCond %{HTTP_USER_AGENT} ^LinkextractorPro [OR] RewriteCond %{HTTP_USER_AGENT} ^LinkScan/8.1a.Unix [OR] RewriteCond %{HTTP_USER_AGENT} ^LinkWalker [OR] RewriteCond %{HTTP_USER_AGENT} ^lwp-trivial [OR] RewriteCond %{HTTP_USER_AGENT} ^Mass\ Downloader [OR] RewriteCond %{HTTP_USER_AGENT} ^Mata.Hari [OR] RewriteCond %{HTTP_USER_AGENT} ^Microsoft.URL [OR] RewriteCond %{HTTP_USER_AGENT} ^MIDown\ tool [OR] RewriteCond %{HTTP_USER_AGENT} ^MIIxpc [OR] RewriteCond %{HTTP_USER_AGENT} ^Mister.PiX [OR] RewriteCond %{HTTP_USER_AGENT} ^Mister\ PiX [OR] RewriteCond %{HTTP_USER_AGENT} ^moget [OR] RewriteCond %{HTTP_USER_AGENT} ^Mozilla/2 [OR] RewriteCond %{HTTP_USER_AGENT} ^Mozilla/3.Mozilla/2.01 [OR] RewriteCond %{HTTP_USER_AGENT} ^Mozilla.*NEWT [OR] RewriteCond %{HTTP_USER_AGENT} ^Navroad [OR] RewriteCond %{HTTP_USER_AGENT} ^NearSite [OR] RewriteCond %{HTTP_USER_AGENT} ^NetAnts [OR] RewriteCond %{HTTP_USER_AGENT} ^NetMechanic [OR] RewriteCond %{HTTP_USER_AGENT} ^NetSpider [OR] RewriteCond %{HTTP_USER_AGENT} ^Net\ Vampire [OR] RewriteCond %{HTTP_USER_AGENT} ^NetZIP [OR] RewriteCond %{HTTP_USER_AGENT} ^NICErsPRO [OR] RewriteCond %{HTTP_USER_AGENT} ^NPBot [OR] RewriteCond %{HTTP_USER_AGENT} ^Octopus [OR] RewriteCond %{HTTP_USER_AGENT} ^Offline.Explorer [OR] RewriteCond %{HTTP_USER_AGENT} ^Offline\ Explorer [OR] RewriteCond %{HTTP_USER_AGENT} ^Offline\ Navigator [OR] RewriteCond %{HTTP_USER_AGENT} ^Openfind [OR] RewriteCond %{HTTP_USER_AGENT} ^PageGrabber [OR] RewriteCond %{HTTP_USER_AGENT} ^Papa\ Foto [OR] RewriteCond %{HTTP_USER_AGENT} ^pavuk [OR] RewriteCond %{HTTP_USER_AGENT} ^pcBrowser [OR] RewriteCond %{HTTP_USER_AGENT} ^ProPowerBot/2.14 [OR] RewriteCond %{HTTP_USER_AGENT} ^ProWebWalker [OR] RewriteCond %{HTTP_USER_AGENT} ^ProWebWalker [OR] RewriteCond %{HTTP_USER_AGENT} ^QueryN.Metasearch [OR] RewriteCond %{HTTP_USER_AGENT} ^ReGet [OR] RewriteCond %{HTTP_USER_AGENT} ^RepoMonkey [OR] RewriteCond %{HTTP_USER_AGENT} ^RMA [OR] RewriteCond %{HTTP_USER_AGENT} ^SiteSnagger [OR] RewriteCond %{HTTP_USER_AGENT} ^SlySearch [OR] RewriteCond %{HTTP_USER_AGENT} ^SmartDownload [OR] RewriteCond %{HTTP_USER_AGENT} ^SpankBot [OR] RewriteCond %{HTTP_USER_AGENT} ^spanner [OR] RewriteCond %{HTTP_USER_AGENT} ^SuperBot [OR] 
RewriteCond %{HTTP_USER_AGENT} ^SuperHTTP [OR] RewriteCond %{HTTP_USER_AGENT} ^Surfbot [OR] RewriteCond %{HTTP_USER_AGENT} ^suzuran [OR] RewriteCond %{HTTP_USER_AGENT} ^Szukacz/1.4 [OR] RewriteCond %{HTTP_USER_AGENT} ^tAkeOut [OR] RewriteCond %{HTTP_USER_AGENT} ^Teleport [OR] RewriteCond %{HTTP_USER_AGENT} ^Teleport\ Pro [OR] RewriteCond %{HTTP_USER_AGENT} ^Telesoft [OR] RewriteCond %{HTTP_USER_AGENT} ^The.Intraformant [OR] RewriteCond %{HTTP_USER_AGENT} ^TheNomad [OR] RewriteCond %{HTTP_USER_AGENT} ^TightTwatBot [OR] RewriteCond %{HTTP_USER_AGENT} ^Titan [OR] RewriteCond %{HTTP_USER_AGENT} ^toCrawl/UrlDispatcher [OR] RewriteCond %{HTTP_USER_AGENT} ^toCrawl/UrlDispatcher [OR] RewriteCond %{HTTP_USER_AGENT} ^True_Robot [OR] RewriteCond %{HTTP_USER_AGENT} ^turingos [OR] RewriteCond %{HTTP_USER_AGENT} ^TurnitinBot/1.5 [OR] RewriteCond %{HTTP_USER_AGENT} ^URLy.Warning [OR] RewriteCond %{HTTP_USER_AGENT} ^VCI [OR] RewriteCond %{HTTP_USER_AGENT} ^VoidEYE [OR] RewriteCond %{HTTP_USER_AGENT} ^WebAuto [OR] RewriteCond %{HTTP_USER_AGENT} ^WebBandit [OR] RewriteCond %{HTTP_USER_AGENT} ^WebCopier [OR] RewriteCond %{HTTP_USER_AGENT} ^WebEMailExtrac.* [OR] RewriteCond %{HTTP_USER_AGENT} ^WebEnhancer [OR] RewriteCond %{HTTP_USER_AGENT} ^WebFetch [OR] RewriteCond %{HTTP_USER_AGENT} ^WebGo\ IS [OR] RewriteCond %{HTTP_USER_AGENT} ^Web.Image.Collector [OR] RewriteCond %{HTTP_USER_AGENT} ^Web\ Image\ Collector [OR] RewriteCond %{HTTP_USER_AGENT} ^WebLeacher [OR] RewriteCond %{HTTP_USER_AGENT} ^WebmasterWorldForumBot [OR] RewriteCond %{HTTP_USER_AGENT} ^WebReaper [OR] RewriteCond %{HTTP_USER_AGENT} ^WebSauger [OR] RewriteCond %{HTTP_USER_AGENT} ^Website\ eXtractor [OR] RewriteCond %{HTTP_USER_AGENT} ^Website.Quester [OR] RewriteCond %{HTTP_USER_AGENT} ^Website\ Quester [OR] RewriteCond %{HTTP_USER_AGENT} ^Webster.Pro [OR] RewriteCond %{HTTP_USER_AGENT} ^WebStripper [OR] RewriteCond %{HTTP_USER_AGENT} ^Web\ Sucker [OR] RewriteCond %{HTTP_USER_AGENT} ^WebWhacker [OR] RewriteCond %{HTTP_USER_AGENT} ^WebZip [OR] RewriteCond %{HTTP_USER_AGENT} ^Wget [OR] RewriteCond %{HTTP_USER_AGENT} ^Widow [OR] RewriteCond %{HTTP_USER_AGENT} ^[Ww]eb[Bb]andit [OR] RewriteCond %{HTTP_USER_AGENT} ^WWW-Collector-E [OR] RewriteCond %{HTTP_USER_AGENT} ^WWWOFFLE [OR] RewriteCond %{HTTP_USER_AGENT} ^Xaldon\ WebSpider [OR] RewriteCond %{HTTP_USER_AGENT} ^Xenu's [OR] RewriteCond %{HTTP_USER_AGENT} ^Zeus Jim Edited May 14, 2003 by Jimuni Quote Link to comment Share on other sites More sharing options...
boxturt Posted May 14, 2003
Thanks Jim. Many I do have (I've got a pretty long list), but there are a few here I don't recognize and will sure check out. If I can just figure out a way to recognize the incognito leeches after a certain number of downloads and boot them out, I'd be all set! Actually, there shouldn't be any "downloads" at all - should there? (search engine cache?) Thanks -Ty
TCH-Andy Posted May 25, 2003
I've thrown together a bit of PHP code which checks for too many hits from the same IP address and then blocks it for a given amount of time. It seems to work, but I would welcome someone trying to grab http://www.mycoted.com/test/norobot/index.php - if it works I'll happily tidy up the code a bit and publish it here; then the experts, rather than beginners like me, can sort it out properly. Would anyone like to guess at sensible figures for the times? At the moment I block (for 30s) anyone hitting the test site more than 6 times in 2 seconds. I want to make sure I don't stop Google or any other friendly robot. Andy
boxturt Posted May 25, 2003
Not sure what it means, but I used Teleport and pinched all 33 objects in just about 10 seconds. -ty
TCH-Andy Posted May 25, 2003
Doesn't sound good. Have you had a look at the content of the files? Hopefully I may be saved, and only the first 7 or 8 actually have something in them - other than an error message. Andy
boxturt Posted May 25, 2003
Yes, I have looked - after reading your post (wasn't sure I was supposed to). The first 7 pages are all template pages. Pages 8 - 30 are Access Denied content with my IP # in them, but it did still deliver all 33 items. Anything specific I should look for?
TCH-Andy Posted May 25, 2003
Thanks. At least you didn't manage to steal the content. I had set it so that it just gives them a dummy file with their IP address in it - having worked out the code, I could fairly easily get it to edit the .htaccess file and deny their IP. My problem then was deciding whether I'd bother to allow them access again at some later date... My overall view is that if they end up with a hard disk full of rubbish after trying to steal my pages, then I don't mind. I've had 3 folk take a full copy of my web site in the last 2 weeks, so I was starting to get frustrated.... Andy
boxturt Posted May 25, 2003
Seemed to work then! So what you're saying is I would have kept getting (perpetually) the same junk files over and over? Wish I'd had that yesterday. Got nailed by Acrobat last night - I didn't even know they (Adobe) had one of those evil things, but they do. -Ty
TCH-Andy Posted May 25, 2003
That's the plan - just the same junk file forever. I'll do a couple of mods, then let you have a copy of the script if you like. I've been nobbled by Adobe Acrobat once myself. Andy
boxturt Posted May 25, 2003
That would be sweeeeeeeet! Thank you very much, kind sir. ty
TCH-Andy Posted May 25, 2003
There are still a number of things I want to do to tidy up the code, but for anybody who wants it, please feel free.

<?php
// Usage: require_once("security.php"); at the start of website scripts.

$SQL_USER = "xxx"; // your sql user name
$SQL_PWD  = "xxx"; // your sql password
$SQL_DB   = "xxx"; // your sql database name

$fasthits  = 2;    // time in seconds below which hits are considered fast
$blockfast = 6;    // number of fast hits before you block them
$blocktime = 120;  // time in seconds for which you block an offending IP
$delold    = 1000; // delete log entries older than 1000s

//
// This requires a sql database set up with 1 table (SQL_SECURITY)
// which has 4 fields:
// SC_ID,   an ID generated by SQL, although this isn't actually used
// SC_IP,   a text field to contain the IP address of anyone hitting your site
// SC_TIME, an integer to hold the time (in seconds) of the last visit
// SC_FA,   an integer that holds the number of fast hits by the IP address
//
$SQL_SECURITY = "SQL_SECURITY";

$ip   = $_SERVER["REMOTE_ADDR"];
$link = mysql_connect("localhost", $SQL_USER, $SQL_PWD) or die(mysql_error());
mysql_select_db($SQL_DB) or die(mysql_error());

$time  = time();
$nfast = 0;
$deloldtime = $time - $delold;

// Delete all old records from the table.
$query  = "DELETE FROM $SQL_SECURITY WHERE SC_TIME <= $deloldtime";
$result = mysql_query($query) or die(mysql_error());

$query  = "SELECT * FROM $SQL_SECURITY WHERE (SC_IP LIKE \"$ip\")";
$result = mysql_query($query) or die(mysql_error());
$sql_numrows = @mysql_num_rows($result);

// If there are no hits from this IP yet, just add it to the log.
if ($sql_numrows == 0)
{
    $nfast = 0; // set fast-hit count = 0
    $query  = "INSERT INTO $SQL_SECURITY (SC_IP, SC_TIME, SC_FA) VALUES (\"$ip\", \"$time\", \"$nfast\")";
    $result = mysql_query($query) or die(mysql_error());
}

// If there was a previous hit from this IP...
if ($sql_numrows != 0)
{
    $sqlrow   = @mysql_fetch_array($result);
    $lasttime = $sqlrow["SC_TIME"];
    $nfast    = $sqlrow["SC_FA"];
    $block    = 0;
    if ($nfast > $blockfast) $block = $lasttime - $time + $blocktime;

    // If the number of fast hits exceeds the block level, send the blocking message.
    if ($block > 0)
    {
        echo "<html>";
        echo "<head>";
        echo "<title>Access Denied</title>";
        echo "</head>";
        echo "<body>";
        echo "<b><h1>Access Denied</h1></b>";
        echo "<p><b>There have been too many rapid requests from this IP address ($ip).</b></p>";
        echo "<p><b>You must now wait a full ($block) seconds before accessing this site again.</b></p>";
        echo "</body>";
        echo "</html>";
        $query  = "UPDATE $SQL_SECURITY SET SC_TIME=$time WHERE (SC_IP LIKE \"$ip\")";
        $result = mysql_query($query) or die(mysql_error());
        mysql_close($link);
        exit();
    }
    else // the number of fast hits is below the block level, so update the time
    {
        if (($time - $lasttime) < $fasthits) { $nfast++; } else { $nfast = 0; }
        $query  = "UPDATE $SQL_SECURITY SET SC_TIME=$time, SC_FA=$nfast WHERE (SC_IP LIKE \"$ip\")";
        $result = mysql_query($query) or die(mysql_error());
    }
}

mysql_close($link);
if (connection_aborted()) exit();
?>

You will need to set up a SQL database (which you can do through Cpanel) and define the 4 fields. The values which you can set at the top:

$fasthits  = 2;   // time in seconds below which hits are fast
$blockfast = 6;   // number of fast hits before you block them
$blocktime = 120; // time in seconds for which you block an offending IP

mean that (in this case) if 6 hits in a row are all within 2 seconds of the previous hit (i.e. 6 hits within 12 seconds, if you like), then the user will just get a junk message until there are no hits from that IP for a 120s period.
Then just include it at the start of every page with:

require_once("security.php");

I provide no promises with this code, but it seems to work for me. I will be updating it, and if anyone would like an updated version (or if you have ideas as to how to improve it) please email or PM me. Andy
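For anyone creating the table by hand, a sketch of DDL matching the four fields the script expects (the column types are assumptions based on Andy's comments, not his actual schema):

CREATE TABLE SQL_SECURITY (
  SC_ID   INT NOT NULL AUTO_INCREMENT PRIMARY KEY,  -- generated ID, unused by the script
  SC_IP   VARCHAR(15) NOT NULL,  -- visitor's IPv4 address
  SC_TIME INT NOT NULL,          -- Unix time of the last visit
  SC_FA   INT NOT NULL           -- count of consecutive fast hits
);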
boxturt Posted May 25, 2003
Very nice indeed. Of course I have a little problem - 17,000 of them actually:

"Then just include it at the start of every page with..."

I have 17,000+ pages. I do, however, have a script that can do it for me, if I can remember where I put it. Thanks Andy
hmaf Posted January 20, 2004
Hi Andy, I tried to copy using HTTrack. I copied all the pages, but many of them are just the Access Denied error message, etc. Cool solution. Thanks a lot Andy
!!blue Posted January 20, 2004
"but for anybody who wants it, please feel free."

Andy, thanks so much! I didn't even want to think about having to check which robots I want to block or not. This solution is sooOOOooo much easier. Thanks for the instructions too. Now my question: since I use SSI for my meta tags, can I add the require_once code in there? Can the code be as follows:

require_once("http://www.mysite.com/path/to/file/security.php");

Since the different files are in different folders, I'd like to use the entire URL. Thanks a mil, !!blue
Deverill Posted January 20, 2004
"I have 17,000+ pages. I do however have a script that can do it for me, if I can remember where I put it."

Hey Ty, if you have to update every file you have, why not insert a line to PHP-include a file? Then, from now on, all you have to do is add things to that file that are not position dependent, like this script. Here's a page about PHP includes with a lot of good info to get started if you've not done it before.
boxturt Posted January 21, 2004
Thanks, I may do that. The include line is pretty much there, but it's still throwing errors like crazy - a subject I've addressed in another area of the forums. I've also pretty much let it ride, as there appears to be no solution.
Nimisha Posted October 1, 2004
Hi. Regarding that script: has it been checked for whether it blocks normal spiders, i.e. my good mate GoogleBot? I don't want him blocked, he's my friend.
TCH-Andy Posted October 1, 2004
Hi. If you are referring to my script - I've never had a problem with good bots. Google has never once triggered it for me, so it should be fine.
Nimisha Posted October 1, 2004
Hi Andy, that's excellent to hear. Did you end up updating it, or is it still the same? I'm setting it up now.
TCH-Andy Posted October 1, 2004
I updated it slightly on my machine, but nothing that affects the operation - I'll try and put together a formal update at some stage.
sgoodwin Posted October 6, 2005
"I updated it slightly on my machine, but nothing that affects the operation..."

Hi, Andy: I tried implementing this on my site, then I ran HTTrack on it. In the files HTTrack downloaded (all of 'em!), I can see your Access Denied messages at the top of each page, but the rest of the HTML comes in fine... can you help me figure out what I'm doing wrong? Thanks.
TCH-Andy Posted October 6, 2005
It sounds as if you have it in only one part of the site (an included file?). If you PM me and let me know the domain name, I'll take a look for you.
silverz Posted August 4, 2009
If I have a WordPress blog, how do I add this PHP code, please?
TCH-Andy Posted August 4, 2009
Hi silverz, welcome to the forums. This is an old thread, but the code still works effectively. The easiest place to add it would be at the beginning of your template; then it's automatically added to all pages.
TCH-Thomas Posted August 4, 2009
Welcome to the forum, silverz.
TCH-Bruce Posted August 4, 2009
Welcome to the forum, silverz.
silverz Posted August 5, 2009
Good to be here. Since I'm a novice, I was wondering what the steps are (bullet points are great) for getting this working with WordPress. Here's what I'm assuming I am supposed to do:

- copy the PHP code into Notepad and save it as Something.php
- upload it to the root directory
- add require_once("Something.php"); between the <head> </head> tags

Is that anywhere near correct?
TCH-Andy Posted August 5, 2009
Yes, that's pretty much correct. I would add the path into the require_once so that it becomes:

require_once("/home/cpuser/Something.php");

where cpuser is your cPanel username (and assuming you have uploaded Something.php into your root directory).
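As a concrete sketch of where that line might sit in a WordPress theme (the file name and path are illustrative - theme layouts vary):

<?php
// Very top of the theme's header.php, before any HTML is sent,
// so the script can still emit its own headers and exit if it blocks:
require_once("/home/cpuser/Something.php"); // cpuser = your cPanel username
?>
<!-- ...the theme's normal <head> markup follows here... -->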