Quick And Easy Way To Get Rid Of A Bad Bot/Visitor

May 9, 2007 – 6:26 am

If you're new here, you may want to subscribe to my RSS feed. Thanks for visiting!

One of my websites has been growing rapidly in the last few months, and with it I’ve noticed a huge increase in bad bot activity. The most disturbing one is a botnet that searches continously from “search.comcast.net” for a strange phrase designed to bring up one of my pages. I would assume this is some sort of clickbot deal, but I’m not sure.

I looked at some of my other log files and I saw that “search.comcast.net” is generally a miniscule contributor to overall website traffic. I could see on the one site it was approaching 15% of all referrers! Damn, I can only assume the point of this robot is to somehow screw up my ads, ad targeting, or perhaps target me for account termination with invalid clicks. It’s not worth finding out. My solution for the moment, ban all “search.comcast.net” referrers. I’ll refine this a bit in the coming days, but for now it stopped the attack.


< ?php
$referrer = $_SERVER['HTTP_REFERER'];
$host = gethost($ip);
$nhost = parse_url($referrer, PHP_URL_HOST);

if (preg_match("/search.comcast.net/",$nhost)) {
$text = "\n Asshole $referrer bounced\n";
$file = fopen('text.html', 'a', 1);
fwrite($file, $text);
fclose($file);
header("Location: http://absolutely.fa-bulo.us/forbid-you.php");
exit();
}
function gethost($ip)
{
$host = `host $ip`;
$host=end(explode(' ',$host));
$host=substr($host,0,strlen($host)-2);
$chk=split("\(",$host);
if($chk[1]) return $ip." (".$chk[1].")";
else return $host;
}

?>

Include this php file in your header so it works on every page

This is a simple solution, and you’re welcome to use it. We check all referers to the website. We look for any that match “search.comcast.net” and if we find it, we log the attempt in a file, then send the visitor to a page called “forbid-you.php” which contains a descriptive message telling them why they were denied, and we log their attempt to a text file to see how many attempts in total there were.

I plan on adding more programming logic to this solution, but in the meantime, it will stop all visitors from one referer dead just by changing the text variable in the regex.

If you enjoyed this post, subscribe to the Sootle RSS feed!.

Post a Comment

Sootle Weblog is proudly powered by WordPress Entries (RSS) and Comments (RSS). Theme by Bob

Copyright 2008, All Rights Reserved. Thanks for visiting a Performance Marketing Group Network Website. Advertise Here. Get A Free Link. Please visit one of our other quality websites.:
Thanks for visiting. News updated daily at Times Of The Internet Please visit the PerformanceCorporate Directory. Member of the Blog Republic.

Copyright 2003-2008, Sootle. Browse All Pages