How to block evil majestic bot

Discussion in 'General' started by jrmarino, Dec 23, 2007.

  1. jrmarino

    jrmarino New Member

    I was looking in my logs, here is a sample:


    The logs are filled with this majestic bot, but the robots.txt instructs to disallow all robots to the entire document root. According to this page:

    http://www.majestic12.co.uk/projects/dsearch/mj12bot.php

    There is an evil botnot spoofing an older version of a legitimate bot. They suggest filtering out the request based on this text "MJ12bot/v1.0.8"

    Exactly how do I do that? I am guessing it is the "Filter Request" tab on the server panel?

    Can you outline the settings necessary to block this nuisance?
    Last edited: Dec 23, 2007
  2. jrmarino

    jrmarino New Member

  3. mistwang

    mistwang LiteSpeed Staff

    Use rewrite rule or request fileter

    Rewrite Rule

    Code:
    RewriteCond %{HTTP_USER_AGENT} ^MJ12bot/v1.0.8 [NC,OR]
    RewriteRule .*  - [F]
    filter rule
    Code:
    SecFilterSelective HEADER_USER_AGENT ^MJ12bot/v1.0.8
  4. jrmarino

    jrmarino New Member

    Thanks a lot!
  5. killed

    killed New Member

    My apology to this thread (long time): I implementing this to block Firefox/3
    But not effect

    113.162.128.27 - - [16/Feb/2012:15:01:41 +0700] "POST /forum/login.php?do=login HTTP/1.1" 200 4464 "http://svtoantin.com/forum/forumdisplay.php?f=122" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.8) Gecko/20100722 AskTbFXTV5/3.8.0.12304 Firefox/3.6.8"

    Here:
    _Rule: SecFilterSelective HEADER_USER_AGENT "Firefox/3"
  6. killed

    killed New Member

    Up this thread :(
  7. webizen

    webizen New Member

    Does this rule in .htaccess work for you?
    %
  8. killed

    killed New Member

    Yes, in .htaccess work fine. But I need "hard" prevent for all host (with 100 host, use .htaccess impossible)

    Thank webizen replied.
  9. webizen

    webizen New Member

    you can also try mod_security rule as follows:
  10. killed

    killed New Member

    I tried both:
    SecFilterSelective HTTP_USER_AGENT "MSIE\ 6"
    SecFilterSelective HEADER_USER_AGENT "MSIE\ 6"

    But nothing to effect

    113.162.74.188 - - [02/Mar/2012:12:52:58 +0700] "GET /auto.html HTTP/1.1" 200 935 "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
    113.162.74.188 - - [02/Mar/2012:12:52:58 +0700] "GET /hinh/ads.jpg HTTP/1.1" 200 15668 "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"

Share This Page