Stop 'bots using apache, etc. or php?

kathy@accessone.com
Wed, 31 Jul 96 09:32:48 PDT


Can the access or authentication modules available with Apache
and similar servers be configured to stop 'bots?

As you know, it is more productive to use the web server (or PHP for
that matter) to stop an errant 'bot, rather than using your hardware
router. If the errant 'bot is being operated from a large ISP, you
don't want to block all services to that ISP, merely the errant robot
operator from your web services.

Does anyone have any information or success with using one of the
modules or PHP to block errant 'bots? Could you supply the information?

Information about Apache modules:
<http://www.zyzzyva.com/server/module_registry/>
Information about PHP:
<http://www.vex.net/php>

I have not carefully studied norobots.pl or robots deny text. But it
seems to me that this very fine script relies on the robot operator properly
identifying his robot with user-agent, referrer etc., and not changing the
name of the robot. If someone wanted to hammer a site, they would only have
to make some changes to the robot, and wreak havoc on your server.

As you know, an errant 'bot can do as much damage or more to a server
as a fping floodping attack, and I am very concerned about the lack of
protection available to websites against your robots. There are utilities
and other techniques widely available to stop fping and other internet
nuisances, but I know of very few defenses against errant 'bots. Has anyone
seen any defenses against 'bots?

Thank you in advance for your frank criticism, your ideas,
and your flames.
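
An added example, not part of the original message: one way to find an errant robot from the web server's own access log by request rate per host, ignoring the User-Agent the client claims, and to print server-level deny lines for just that host. The log lines, addresses, thresholds and function names are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Leading fields of Common/Combined Log Format: host ident user [time] ...
LOG_PREFIX = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] ')

def parse(line):
    """Return (host, timestamp) for one access-log line, or None if malformed."""
    m = LOG_PREFIX.match(line)
    if not m:
        return None
    try:
        return m.group(1), datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
    except ValueError:
        return None

def errant_hosts(lines, max_requests=5, window=timedelta(seconds=10)):
    """Hosts exceeding max_requests inside any sliding window, in first-seen order."""
    recent = defaultdict(deque)
    flagged = []
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue
        host, when = rec
        q = recent[host]
        q.append(when)
        while when - q[0] > window:   # drop hits older than the window
            q.popleft()
        if len(q) > max_requests and host not in flagged:
            flagged.append(host)
    return flagged

def deny_directives(hosts):
    """mod_access-style lines (Apache 1.x-2.2); Apache 2.4 uses 'Require not ip'."""
    return ["Deny from " + h for h in hosts]

def sample_log():
    """Constructed log: one host rotating User-Agent, one ordinary visitor."""
    agents = ["Mozilla/2.0", "FriendlyBot/1.0", "-"]
    fmt = '%s - - [31/Jul/1996:09:%s -0700] "GET /p%d.html HTTP/1.0" 200 512 "-" "%s"'
    fast = [fmt % ("192.0.2.7", "32:%02d" % (40 + i // 2), i, agents[i % 3]) for i in range(8)]
    slow = [fmt % ("198.51.100.9", "3%d:00" % (3 + i), i, "Mozilla/2.0") for i in range(3)]
    return fast + slow

if __name__ == "__main__":
    print("\n".join(deny_directives(errant_hosts(sample_log()))))
```

Because the check keys on the source host and timing, renaming the robot does not evade it, and the resulting deny lines affect only that host rather than the whole ISP.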