[Split] Bytespider Attack

a3035oc_web
Registered User
Posts: 54
Joined: Sun Aug 01, 2021 3:05 pm

[Split] Bytespider Attack

Post by a3035oc_web »

Split from viewtopic.php?p=15489551

Sorry to re-open such an old topic but the Bytespider access is really hitting my site ... I've tried robots.txt, the Spider/Bot config in phpBB and also .htaccess but whatever I tried they still get through ...

Most look like this:
Guest IP: 3.0.126.133
'Mozilla/5.0 (Linux; Android 6.0; Nexus 5 Build/MRA58N) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Mobile Safari/537.36'Bytespider;h
Seems to be AmazonAWS in Singapore & Japan.

Any more ideas?
Last edited by Mick on Wed May 24, 2023 11:15 am, edited 2 times in total.
Reason: Solved.
Mick
Support Team Member
Posts: 26822
Joined: Fri Aug 29, 2008 9:49 am

Re: Bytespider Attack

Post by Mick »

It seems you’re not the only one; the suggestions I see online point towards using the ‘Report Amazon AWS abuse’ form to report suspected abuse of AWS resources. Have you spoken to your hosts about it?
  • "The more connected we get the more alone we become” - Kyle Broflovski© 🇬🇧
a3035oc_web
Registered User
Posts: 54
Joined: Sun Aug 01, 2021 3:05 pm

Re: Bytespider Attack

Post by a3035oc_web »

Reported it to my hosting company but they didn't know much more than I did. I added entries to robots.txt and also used the robots/spiders entries in phpBB as well as blocking some of the common IP ranges that it was showing. But even then I was often seeing 6 or 7 anonymous entries in "Who's online".

So reported possible abuse to AmazonAWS and slowly the traffic dropped off and now I'm not seeing any (but then I don't spend all my time monitoring who is online!).

I'm assuming they had a runaway web crawler or someone was abusing their services ..
HB
Registered User
Posts: 229
Joined: Mon May 16, 2005 9:30 pm

Re: [Split] Bytespider Attack

Post by HB »

Another option is using Cloudflare's Web Application Firewall (WAF). With that, you specify a user agent match (e.g., go to Security > WAF and add a match for user agent contains "Bytespider") and it's blocked before it even accesses your host server.
Dan Kehn
Galixte de EzCom
Registered User
Posts: 1106
Joined: Mon Oct 04, 2004 11:14 pm
Location: France
Name: Raphaël M.

Re: [Split] Bytespider Attack

Post by Galixte de EzCom »

Last week I encountered the same problem; I used this code in .htaccess:

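Code:

<RequireAll>
	# Deny clients whose reverse DNS name ends in this AWS Singapore suffix
	Require not host .ap-southeast-1.compute.amazonaws.com
	# Deny this /16 by source address
	Require not ip 47.128.0.0/16
	# Everything else is allowed
	Require all granted
</RequireAll>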
The Bytespider bot from Bytedance (TikTok) disappeared instantly.
Communau EzCom
📖 “Extension & style translations for phpBB 3.2.x & 3.3.x”.
📋 Lists of all extensions identified for phpBB 3.1.x & 3.2.x.
📋 Lists of all styles identified for phpBB 3.1.x & 3.2.x.
You have a forum and you also want a website? Look over here.
thecoalman
Community Team Member
Posts: 6267
Joined: Wed Dec 22, 2004 3:52 am
Location: Pennsylvania, U.S.A.

Re: [Split] Bytespider Attack

Post by thecoalman »

You are blocking a range and this can be problematic if legitimate services are in that range. Specifically with AWS, DuckDuckGo uses their services.
“Results! Why, man, I have gotten a lot of results! I have found several thousand things that won’t work.”

Attributed - Thomas Edison
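
Both points raised in the thread, that IP blocks did not stop the crawler and that a range block can catch unrelated clients, can be measured from the access log before a CIDR rule goes live. The following is an added example, not code from any poster here; it assumes Apache "combined" log format, the function name `assess_range_block` is hypothetical, and the log lines are constructed.

```python
import ipaddress
import re

# Constructed sample lines in Apache "combined" format (not real traffic).
SAMPLE_LOG = """\
47.128.20.5 - - [09/Mar/2024:14:00:01 +0000] "GET /viewtopic.php?t=1 HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (Linux; Android 6.0; Nexus 5) Bytespider"
47.128.33.9 - - [09/Mar/2024:14:00:02 +0000] "GET /viewtopic.php?t=2 HTTP/1.1" 200 4988 "-" "Mozilla/5.0 (Linux; Android 6.0; Nexus 5) Bytespider"
3.0.126.133 - - [09/Mar/2024:14:00:03 +0000] "GET /index.php HTTP/1.1" 200 7301 "-" "Mozilla/5.0 (Linux; Android 6.0; Nexus 5) Bytespider"
47.128.77.1 - - [09/Mar/2024:14:00:04 +0000] "GET /feed.php HTTP/1.1" 200 2210 "-" "ExampleFetcher/1.0"
203.0.113.7 - - [09/Mar/2024:14:00:05 +0000] "GET /index.php HTTP/1.1" 200 7301 "-" "Mozilla/5.0 (Windows NT 10.0; rv:124.0) Firefox/124.0"
this line is truncated and cannot be parsed
"""

# Captures the client address (group 1) and the User-Agent (group 2).
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[^"]*" \d{3} \S+ "[^"]*" "([^"]*)"')


def assess_range_block(log_text, cidr, ua_token="bytespider"):
    """Classify each request by what a `Require not ip <cidr>` rule would do."""
    net = ipaddress.ip_network(cidr)
    counts = {"bot_blocked": 0, "bot_missed": 0, "collateral": 0,
              "other": 0, "unparsed": 0}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        try:
            ip = ipaddress.ip_address(m.group(1)) if m else None
        except ValueError:          # first field was not an IP address
            ip = None
        if ip is None:
            counts["unparsed"] += 1
            continue
        is_bot = ua_token in m.group(2).lower()   # case-insensitive UA match
        in_range = ip in net                      # False on IPv4/IPv6 mismatch
        if is_bot:
            counts["bot_blocked" if in_range else "bot_missed"] += 1
        else:
            counts["collateral" if in_range else "other"] += 1
    return counts


if __name__ == "__main__":
    for key, n in assess_range_block(SAMPLE_LOG, "47.128.0.0/16").items():
        print(f"{key:12} {n}")
```

A non-zero `bot_missed` means the crawler also arrives from outside the range, so a user-agent rule is still needed; a non-zero `collateral` means the range rule would refuse clients that do not identify as Bytespider.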
HiFiKabin
Community Team Member
Posts: 6767
Joined: Wed May 14, 2014 9:10 am
Location: Swearing at the PC, UK
Name: James

Re: [Split] Bytespider Attack

Post by HiFiKabin »

I use Jeff Stars .htaccess bad bot blocking code, which is available from his site or from my extensions site, where I have incorporated it into the phpBB .htaccess and added bytespider and bytedance.
Galixte de EzCom
Registered User
Posts: 1106
Joined: Mon Oct 04, 2004 11:14 pm
Location: France
Name: Raphaël M.

Re: [Split] Bytespider Attack

Post by Galixte de EzCom »

thecoalman wrote: Sat Mar 09, 2024 2:30 pm You are blocking a range and this can be problematic if legitimate services are in that range. Specifically with AWS, DuckDuckGo uses their services.
This whole range is dedicated to AMAZON in Singapore, I don't care about their servers there.
HiFiKabin wrote: Sat Mar 09, 2024 5:05 pm I use Jeff Stars .htaccess bad bot blocking code, which is available from his site or from my extensions site, where I have incorporated it into the phpBB .htaccess and added bytespider and bytedance.
As always, I appreciate your valuable contribution, and thank you for sharing this extension.