Protection against malicious user-agents

Here we can forbid access to malicious bots, identifying them through the user-agent (you can get more information about user-agents in this page: http://whatsmyuseragent.com/WhatsAUserAgent.asp).

  • Use default user-agents banned list

Use Securitycheck Pro's blacklist feature. Securityheck Pro incorporate a blacklist with the most common malicious user-agents to save you work. You can edit it clicking on the Edit default user-agents button.

  • Banned user-agents

Do you have problems with a new bot that it's not included in our default blacklist? Use this option to create a a new rule to block it.

For example, suppose you have a lot of entries like this in your access log (this file is usually provided for your web hosting): xx.xx.xx.xx - - [11/Jan/2013:00:11:41 -0500] "GET /xxxxxt HTTP/1.0" 200 1195 "-" "Mozilla/5.0 (compatible; Ezooms/1.0; ezooms.bot@gmail.com)"

The last part of this entry is the user-agent of this bot. If you want to block the access to your site, you only have to add “ezooms” to this option, save your changes and apply them. Remember you have to enter only one user-agent per line.

This option has been created to made your life easier. If you want to block an user-agent, you don't have to put the entire string to create a new rule. You only have to put a string that appear in the user-agent to block it. This is the reason you only have to put ezooms to block the bot of the example.

This option is a powerful mechanism to have your .htaccess file updated. But could give you a lot of headaches if you set a wrong rule. For example, if you use Mozilla/5.0 (compatible; Ezooms/1.0; ezooms.bot@gmail.com) instead of ezooms to block the bot of the example, you will get an Internal Server Error in your entire site. Please, test every new rule before using it in your site.

  • Own code

Write your own code to be added to the file. As I told you in the previous paragraph, a single mistake can result in an Internal Server Error.