Fake bot plugin #2228
Comments
|
As Luasocket library is using POSIX function IPs with slow reverse record resolving:
|
|
wow, that's true... I didn't think about this kind of problem! ➜ ~ time host -t PTR 192.165.48.59 1.1.1.1
Host 59.48.165.192.in-addr.arpa not found: 2(SERVFAIL)
0,00s user 0,01s system 0% cpu 3,941 total
➜ ~ time host -t PTR 45.141.84.214 1.1.1.1
Host 214.84.141.45.in-addr.arpa not found: 2(SERVFAIL)
0,00s user 0,00s system 0% cpu 8,516 totalweird... why this happens? |
|
Because of the slow / not working DNS servers which are set for resolving PTR records of these IPs. For example, PTR record for IP 45.141.84.214 is saved (or should be) in these DNS servers: None of them is working, at least from my location. |
|
Plugin registry PR: coreruleset/plugin-registry#4 |
|
@dune73 @lifeforms --^ |
|
Repo for new plugin created https://github.com/coreruleset/fake-bot-plugin I have also added the plugin into the registry, which is formally too early, but that way @azurit can get on with the work. |
Uh oh!
There was an error while loading. Please reload this page.
Motivation
As we all know, many bots are fakeing
User-Agentheader to look like a, i.e., Googlebot. In lots of cases, users are trusting this header and, for example, are not applying so high restrictions for such requests. Anyway, behavior where anyone is fakeing anything to get something more is considered bad (or should be). This plugin is able to detect and block such requests.Proposed solution
This is an alternative and more general version of Fake Googlebot plugin.
As @theMiddleBlue suggested, this version of plugin is using DNS PTR records for checking if a bot is real or fake. Plugin consists of these parts:
Currently, plugin is able to detect these fake bots:
Prototype of this plugin is ready.
Plugin registry PR: coreruleset/plugin-registry#4.
The text was updated successfully, but these errors were encountered: