Oops I left my .htaccess file with no coding on it.

Discussion in 'General Chat' started by david62311, Dec 13, 2018.

  1. david62311

    david62311 Well-Known Member

    Joined:
    Aug 29, 2013
    Messages:
    2,107
    Likes Received:
    235
    I was updating the coding on my .htaccess file and was on my PC one night trying to figure out what could of blocked something in the Webid Script that was coded in the .htaccess file. I had removed all of the coding from my .htaccess file and I shut down my PC and forgot to put the coding back on my .htaccess file leaving it blank and my site vulnerable to all of the bots that have been poking at my site for years.

    I recently gutted my site and started over keeping my inactive users on there. I had a few test items up on my updates site starting with item.php?id=1. The bots couldn't get access to my site until I left the coding off of my .htaccess file. Now the bots keep trying to peck at item.php?id=1 and I have deleted it the item completely and it's not in the database. The bots are still coming trying to hit that link about 300 times per day even though they get blocked out from my .htaccess code. All they see is a 403 access denied page.

    I had nothing but gibberish on item.php?id=1 page. I didn't even type proper words. It was whatever keys I hit on my keyboard just so, I could see a test item. I get tired of naming them test item 1, 2, 3, 4 etc. so, I just typed randomly. These bots were very attracted to my item.php?id=1 item and they still are even thought I deleted it a couple of weeks ago. They get one little glimpse of the page and they are hooked on it. I got 126 hits today in my visitor log showing a 403 access denied error page instead.

    What's funny is when I make an adjustment to block the bots, the bots can sense a change in the coding and they stop coming for a day or two and may or may not come back. Today I released the .htaccess blocking code to allow the bots to come in and when they go to item.php?id=1 and it takes them to the message.php page. I replaced the coding on the message.php to look like this.

    capture-20181213-002023.png

    If a human on the other side that is controlling the bots sees this then, they will totally ruin their pants. LOL

    I am only going to keep this page on my site temporarily just to see what happens. Adding some harmless humor to my Webid site will allow me to have some fun with the bots.
     
    hhavatar and nay27uk like this.
  2. david62311

    david62311 Well-Known Member

    Joined:
    Aug 29, 2013
    Messages:
    2,107
    Likes Received:
    235
    One odd thing about the bots that are constantly triggering a log in my visitor for my non existent item.php?id=1 is that the visitor doesn't leave a footprint. What I mean is if I try to go to the link, it connects me to message.php page and things like photos get recorded into the visitor log. A bot looking at the item.php?id=1 doesn't trigger much of anything. This doesn't have much to do with my .htaccess blocks because I removed the code from it and tested things out and the bots still visited item.php?id=1 and didn't trigger anything else but, the id=1 link.

    One thought I had was these spam bots have no interest in the item at all. It's the other links like the register.php link that the spam bots are interest in. It would be the perfect way to visit a Webid site and then register through the register.php link verses going to the index.php page. If a visitor goes to the index.php then it's going to trigger all of the items showing in the visitor log. If a bot went to the index.php page and didn't trigger all of the items then the admin would most likely see it in the visitor. The spam bots try NOT to attract a lot of attention so, going through an item page definitely will not attract a lot of attention.

    It's just very odd that a bot visitor doesn't trigger other links. It's like they are looking in from the outside but, not coming in. It's probably a good assumption too. There is probably a way to verify a visitor is a bot or human by triggering another link or image on each page a visitor visits. If they don't trigger the image or logo then deny them.
     

Share This Page