Limit bot sessions

Hervé
Registered User
Posts: 481
Joined: Tue Jun 04, 2019 7:51 am
Location: Belgium
Name: Rudy

Re: Limit bot sessions

Post by Hervé »

Mick wrote: Fri Jun 14, 2024 9:35 am I added it as is to one board that was having issues and the bad bots are gone.
I think you should have written "the bad bot is gone".
Yes, it works, but one bot at a time, i.e. one line per bot in .htaccess: each time I see a lot of guests I must identify that bot and add a line.
Hervé wrote: Sun Jun 09, 2024 8:50 am I would like to avoid blocking bots one by one ...
I would like to limit the number of sessions the same bot can initiate, whatever the bot, or possibly limit the total number of bot sessions.
Mick
Support Team Member
Posts: 26715
Joined: Fri Aug 29, 2008 9:49 am

Re: Limit bot sessions

Post by Mick »

Hervé wrote: Fri Jun 14, 2024 9:46 am I think you should have written "the bad bot is gone"
No, it’s plural, there was a bunch of them.

With the .htaccess addition, as mentioned, there’s no need to be adding anything. I installed it and I’ve not touched it since.
  • "The more connected we get the more alone we become" - Kyle Broflovski©
  • "The good news is hell is just the product of a morbid human imagination.
    The bad news is, whatever humans can imagine, they can usually create.
    " - Harmony Cobel©
🇬🇧
Hervé
Registered User
Posts: 481
Joined: Tue Jun 04, 2019 7:51 am
Location: Belgium
Name: Rudy

Re: Limit bot sessions

Post by Hervé »

Sorry, I didn't understand what exactly you added in .htaccess. I thought it was simply something like "BrowserMatchNoCase "claudebot" bad_bot".
Is it the whole 200 lines of HiFiKabin's code?
@HiFiKabin
HiFiKabin wrote: Thu Mar 28, 2024 6:00 pm The Block Bad Bots HTACCESS I have on my extensions board might block it as it is, and/or you can add Claudebot to the list of blocked bots
You say this .htaccess extension blocks bad bots.
What do you call "bad"?
Does your implementation also block guests who don't necessarily slow down the board but open many sessions at the same time?
HiFiKabin
Community Team Member
Posts: 6731
Joined: Wed May 14, 2014 9:10 am
Location: Swearing at the PC, UK
Name: James

Re: Limit bot sessions

Post by HiFiKabin »

Hervé wrote: Fri Jun 14, 2024 10:01 am Does your implementation also block guests who don't necessarily slow down the board but open many sessions at the same time?
No, it does not take those into account. For more details please see the author's website https://perishablepress.com/8g-firewall/
Hervé
Registered User
Posts: 481
Joined: Tue Jun 04, 2019 7:51 am
Location: Belgium
Name: Rudy

Re: Limit bot sessions

Post by Hervé »

Thanks, so the 8G firewall, while very nice, is not what I'm looking for.
What about
Hervé wrote: Fri Jun 14, 2024 9:19 am phpBB "knows" that it is a bot: could we imagine a phpBB function which automatically closes exceeding sessions from the same bot?
HiFiKabin
Community Team Member
Posts: 6731
Joined: Wed May 14, 2014 9:10 am
Location: Swearing at the PC, UK
Name: James

Re: Limit bot sessions

Post by HiFiKabin »

Hervé wrote: Fri Jun 14, 2024 10:36 am phpBB "knows" that it is a bot: could we imagine a phpBB function which automatically closes exceeding sessions from the same bot?
That would need an extension
Hervé
Registered User
Posts: 481
Joined: Tue Jun 04, 2019 7:51 am
Location: Belgium
Name: Rudy

Re: Limit bot sessions

Post by Hervé »

Is it feasible?
How to?
HiFiKabin
Community Team Member
Posts: 6731
Joined: Wed May 14, 2014 9:10 am
Location: Swearing at the PC, UK
Name: James

Re: Limit bot sessions

Post by HiFiKabin »

I would think it's feasible, but well above my pay grade I am afraid
Hervé
Registered User
Posts: 481
Joined: Tue Jun 04, 2019 7:51 am
Location: Belgium
Name: Rudy

Re: Limit bot sessions

Post by Hervé »

You can easily display the guests list.
So they are recorded somewhere, I suppose in the DB, and there is a process which adds a guest to that list: it knows its IP.
That process could check if there is another session with the same IP and deny the new one.
Well, it's easy to say, it's all about knowing how and where, it's far above my level too.
thecoalman
Community Team Member
Posts: 6042
Joined: Wed Dec 22, 2004 3:52 am
Location: Pennsylvania, U.S.A.

Re: Limit bot sessions

Post by thecoalman »

Hervé wrote: Fri Jun 14, 2024 9:19 am I understand that, except with tools like Cloudflare, it is difficult to prevent a bot from opening too many sessions.
Cloudflare can most certainly identify bots by user agent and so much more. The issue you may encounter is the limited functionality with the free plan.
“Results! Why, man, I have gotten a lot of results! I have found several thousand things that won’t work.”

Attributed - Thomas Edison
rxu
Extensions Development Team
Posts: 3804
Joined: Wed Oct 25, 2006 12:46 pm
Location: Siberia, Russian Federation

Re: Limit bot sessions

Post by rxu »

As far as it comes to phpBB, registering a bot in ACP with the appropriate useragent part (facebookexternalhit here) will restrict the bot to only 1 phpBB session.
Hervé
Registered User
Posts: 481
Joined: Tue Jun 04, 2019 7:51 am
Location: Belgium
Name: Rudy

Re: Limit bot sessions

Post by Hervé »

Certainly, but it's the same problem as with .htaccess: you must specify each bot individually!
Hervé wrote: Fri Jun 14, 2024 9:46 am
Hervé wrote: Sun Jun 09, 2024 8:50 am I would like to avoid blocking bots one by one ...
I would like to limit the number of sessions the same bot can initiate, whatever the bot, or possibly limit the total number of bot sessions.
Is it possible to restrict any bot to only one phpBB session, whether declared or not?
Paul
Infrastructure Team Leader
Posts: 28815
Joined: Sat Dec 04, 2004 3:44 pm
Location: The netherlands.
Name: Paul Sohier

Re: Limit bot sessions

Post by Paul »

Limiting it in phpBB (and in my opinion even in .htaccess) is too late. Having it all limited within phpBB, all requests still make it to the server, and use server resources. Having it listed as bot will limit the amount of entries in the sessions tables, but it will still use all other server resources to build up the page.
Limiting it in .htaccess is a bit better, but it still will consume the bandwidth to the server, and the resources to get it checked. It is already a step better, but still if there are a lot of requests, it uses a lot of resources. You want to block it as early as possible, and preferably before it arrives at your hosting.
P_I
Community Team Member
Posts: 2408
Joined: Tue Mar 01, 2011 8:35 pm
Location: Western Canada 🇨🇦

Re: Limit bot sessions

Post by P_I »

Bad bots, like spammers, are a whac-a-mole problem. It is impossible to identify them as a "class". Once defenses are built then new ones emerge.

From my perspective you either pay for a service like Cloudflare to deal with these bad bots or you need to regularly monitor and update your phpBB settings.

Start first with ACP->Spiders/Robots to manage their sessions. Next defense is using robots.txt in the hope that they follow the standard. Next line is something like .htaccess settings or perhaps building and maintaining a firewall solution.
Normal people… believe that if it ain’t broke, don’t fix it. Engineers believe that if it ain’t broke, it doesn’t have enough features yet. – Scott Adams
Hervé
Registered User
Posts: 481
Joined: Tue Jun 04, 2019 7:51 am
Location: Belgium
Name: Rudy

Re: Limit bot sessions

Post by Hervé »

I think it must be rare for a non-bot user to open multiple sessions at the same time.
Since it's not possible to identify a bot, why not just cancel any multiple session?
In practice, when a user connects, it is enough to check whether a connection is already open with the same IP, in which case the new connection is refused.
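
Added example (not part of any post in this thread, and not phpBB or 8G firewall code): a log check that finds heavy clients by request rate per IP instead of by bot name, which is the "whatever the bot" limit asked for above. It assumes Apache's combined log format; the function name, thresholds, IPs and user agents are constructed for illustration, and the sample includes two browsers behind one shared address to show how a per-IP rule treats them.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Apache "combined" log line: client IP, timestamp, request, status, size, referer, user agent
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "[^"]*" \d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"'
)

def flag_heavy_clients(lines, max_requests=5, window=timedelta(seconds=10)):
    """Map each IP that exceeded max_requests inside a sliding window to the
    set of user agents seen from it. Thresholds are illustrative assumptions."""
    recent = defaultdict(deque)  # ip -> request times still inside the window
    agents = defaultdict(set)    # ip -> user agents seen from that ip
    flagged = {}
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format line
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        ip = m["ip"]
        agents[ip].add(m["ua"])
        times = recent[ip]
        times.append(ts)
        while ts - times[0] > window:  # drop requests older than the window
            times.popleft()
        if len(times) > max_requests:
            flagged[ip] = agents[ip]
    return flagged

def _line(ip, sec, ua):
    """Build one constructed log line, `sec` seconds after 10:00:00 UTC."""
    ts = datetime(2024, 6, 14, 10, 0, 0) + timedelta(seconds=sec)
    return (f'{ip} - - [{ts:%d/%b/%Y:%H:%M:%S} +0000] '
            f'"GET /viewtopic.php?t={sec} HTTP/1.1" 200 5120 "-" "{ua}"')

# Constructed sample data (documentation IP ranges, made-up user agents).
SAMPLE = (
    # Undeclared crawler with a browser-like user agent: 8 requests in 8 s.
    [_line("203.0.113.7", s, "Mozilla/5.0 (X11; Linux x86_64)") for s in range(8)]
    # Ordinary reader: 3 requests spread over two minutes.
    + [_line("198.51.100.20", s, "Mozilla/5.0 (Windows NT 10.0)") for s in (0, 60, 120)]
    # Two browsers behind one shared address: 6 requests in 6 s in total.
    + [_line("192.0.2.50", s, "Firefox/126.0" if s % 2 else "Safari/605.1.15")
       for s in range(1, 7)]
)

if __name__ == "__main__":
    for ip, uas in flag_heavy_clients(SAMPLE).items():
        print(ip, sorted(uas))
```

The shared address is flagged together with the crawler, with two distinct user agents recorded against it, so the agent set is worth reviewing before turning a flagged IP into a block rule.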
