A Bot Trap

MiY4Gi · July 22, 2011, 05:16:26 PM

I also came across this website: http://www.kloth.net/internet/bottrap.php.

It basically puts a hidden link on your websites homepage, and blocks the link using the robot.txt file, then any bots that disobey the robots file get blocked, either by the .htaccess file, or a php file.

It would be a great addition to forums, especially now that bots are causing so much havok. I'm gonna see if I can implement one of the bot traps, then I'll give you guys feedback.

There's also:

http://www.spampoison.com/

http://danielwebb.us/software/bot-trap/

What do you guys think? Have you tried any of these. It's an excellent idea. I was thinking of something similar, but I decided to Google to see if it was done before.

青山素子 · July 22, 2011, 05:48:57 PM

I use Project Honey Pot (yes, it's a referal link, no I don't actually get anything from it, but the operators of the service use it to track word-of-mouth - don't like that? remove the rf part from the URL yourself).

As a bonus, if you set up a honeypot, you get an API key to use their collected database as proection. The httpbl modification for SMF uses this to help protect your installation.

busterone · July 22, 2011, 06:00:49 PM

Seconded on Project HoneyPot. Excellent service.

MiY4Gi · July 22, 2011, 08:27:46 PM

When using Project Honey Pot, if a new bot attacks my site, how long will it take before my site blocks the bot?

busterone · July 22, 2011, 10:15:43 PM

That depends on how many other sites it visits that also have a honeypot. The bots are rated by threat level. Number of honeypots visited, frequency of hits, and date last seen. You have control in your admin panel on what threat level threshold you want to start blocking them at. See the support topic for httpBL for more info on how it works, as well as the Project HoneyPot site.
Most of the bots handles by Honeypot are spambots. If you are concerned about more malicious type bots, you may want to look at the Forum Firewall mod or Bad Behavior Mod.

MiY4Gi · July 23, 2011, 06:44:34 AM

I see butchs recommends these mods:

Proxy Firewall.
Htaccess protection such as blocking nasty ip addresses, CrawlProtect and GeoIP.
Forum Firewall (this mod).
Bad Behavior mod.
Project Honeypot.
Stop Spammer.

Seems a little too much though. How much of those do I really need?

All I want is something to prevent malicious bots from browsing my site, not from registering. I got 3 content-related verification questions which spammers won't be able to answer. I won't have a problem with spammers registering, however I do have a problem with bots chowing my bandwidth, and wrecking havok on my server.

I'm thinking, Project Honeypot, Forum Firewall, and possibly Bad Behavior mod.

busterone · July 23, 2011, 10:34:43 AM

Layered protection is best, but overkill will waste your resources and slow your site down. The verification questions alone will stop most bot registrations. I would recommend no more than two more anti spam mods myself, one being httpBL/honeypot.

ShadyX · July 30, 2011, 03:31:52 PM

I use a mix of cloudflare and project honeypot. Works great#!

butchs · July 30, 2011, 04:56:45 PM

Quote from: MiY4Gi on July 23, 2011, 06:44:34 AM
I'm thinking, Project Honeypot, Forum Firewall, and possibly Bad Behavior mod.

I now use CrawlProtect, Cloudflare, Forum Firewall, Bad Behavior in strict mode with project honeypot enabled and stop spammer mod.

Cloudflare does most of the work and reduces resource usage. Bad Behavior is second and does well when Cloudflare and/ or project honeypot goes down. Stop spammer catches a few bad guys during login. Forum Firewall will catch the occasional assault and keeps the bandwidth suckers at bay. CrawlProtect catches something once every few months.

I will feel safe with just: Forum Firewall, Bad Behavior in strict mode with project honeypot enabled and stop spammer.

News:

A Bot Trap