  1. #1
    Regular Coder
    Join Date
    Sep 2002
    Thanked 27 Times in 26 Posts

    php and bot protection

    I keep going back to this for some reason. I've been to numerous pages on the internet about how to combat
    bots. Each wants you to check and see if the HTTP_USERAGENT is a bot. Doesn't this seem kinda backwards
    from the normal way things are checked? I mean instead of checking a mega long list of bad bots or having to add
    each and every one to an htaccess file, shouldn't we just be checking the useragent or servername against an 'accepted'
    list of urls and send the rest back? Like a login check does or a doorman at a club? You ain't on the list, go home!
    Just wondering since new bots come out every day. And which is better to compare useragent or servername?

    Just seems like there should be an easier way.
    NO Limits!! DHCreationStation.com
    For projects using MediaTypes (MIMETypes) visit E-BAM.net -(updated weekly)

    Broken items wanted for tinkerin'! PostItNow@BrokenEquipment.com
    Global Complaint Dept.

  2. #2
    God Emperor Fou-Lu's Avatar
    Join Date
    Sep 2002
    Saskatoon, Saskatchewan
    Thanked 2,668 Times in 2,637 Posts
    Blacklisting is typically easier to maintain than whitelisting is, but again it depends completely on purpose.

    It's simply the assumption that everything is good until you need to say it's not good. It allows everyone to play ball until you say otherwise.

    If you whitelist instead, you say that nobody can play ball until you've said they can. That means if you don't keep on top of it, potentially nobody can play when new browsers are rolled out.

    Of course this only applies to bots that want to play ball, but decide they'll ask. Nothing makes me identify myself as anything more than I want to. I could identify myself as "Fou-Lu's Chariot" if I wanted to, and the same applies to bots which I can identify as "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:25.0) Gecko/20100101 Firefox/25.0" if I wanted to.

    Also, $_SERVER['SERVER_NAME'] refers to the Apache server name. Any request should have the same information from the same script which should be your domain name. Useragent is provided by the client and is optional.
    PHP Code:
    header('HTTP/1.1 420 Enhance Your Calm'); 
    Been gone for a few months, and haven't programmed in that long of a time. Meh, I'll wing it ;)
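
The trade-off discussed in this thread, as an added example that is not part of either post: a blocklist and an allowlist applied to the same User-Agent strings, including a spoofed one and a missing header. The list entries, function names and sample strings are constructed for illustration; in a live script the value would come from `$_SERVER['HTTP_USER_AGENT'] ?? null`.

```php
<?php
// Added example: every list entry and sample string here is constructed.
const BLOCKLIST = ['BadBot', 'EvilScraper'];   // hypothetical known-bad fragments
const ALLOWLIST = ['Firefox/', 'Chrome/'];     // hypothetical accepted browser tokens

// Case-insensitive substring match; a missing or empty header matches nothing.
function matchesAny(?string $ua, array $needles): bool
{
    if ($ua === null || $ua === '') {
        return false; // the header is optional, so it may simply be absent
    }
    foreach ($needles as $needle) {
        if (stripos($ua, $needle) !== false) {
            return true;
        }
    }
    return false;
}

// Blocklist policy: everyone plays until a known-bad fragment matches.
function blocklistAllows(?string $ua): bool
{
    return !matchesAny($ua, BLOCKLIST);
}

// Allowlist policy: nobody plays until an accepted token matches.
function allowlistAllows(?string $ua): bool
{
    return matchesAny($ua, ALLOWLIST);
}

$samples = [
    'known bad bot'              => 'BadBot/1.0',
    'new, unlisted bot'          => 'FreshCrawler/0.1',
    'bot claiming to be Firefox' => 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:25.0) Gecko/20100101 Firefox/25.0',
    'new, unlisted browser'      => 'NewBrowser/1.0',
    'no User-Agent header'       => null,
];

foreach ($samples as $label => $ua) {
    printf("%-28s blocklist=%-5s allowlist=%s\n", $label,
        blocklistAllows($ua) ? 'allow' : 'deny',
        allowlistAllows($ua) ? 'allow' : 'deny');
}
```

The string claiming to be Firefox is allowed by both policies, while the unlisted browser is turned away by the allowlist; either check filters only clients that identify themselves honestly.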

