Debugging Techniques for BotBanish

Started by Randem, February 28, 2018, 03:10:37 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions

Randem

#1
February 28, 2018, 03:10:37 PM
One of the most helpful things to do to rectify a situation is to determine just what the issue is. I will go over a few things to make finding an issue or verifying that an issue does not exist.

BotBanish is very aggressive in it's approach to bot detection. the approach is "If it walk like a bot and talks like a bot then it probably is a bot" and it gets locked out. So sometime legitimate users get locked out for doing some relatively dumb things that a bot would do. I.E. keep attempting to logon too many times when it is obvious that they do not remember the password. This is like a bot attempting a brute force attack to gain access to you system. An intelligent user would use the "Forgot Password" link and not keep trying passwords, a bot would not. So if the user keeps acting like a non-intelligent bot; they would get locked out for doing non-intelligent things.

If any device on a shared IP gets locked out the every device on the shared IP gets locked out. This means that in a site where the internet is shared between different devices, they also share the same external IP address (unless the devices have a static IP address). This mean that a site that has 100 devices attached, and any one of the devices commits an issue that get it locked out; then ALL 100 devices are locked out also. It is up to the user to fix the assault from their side before the site (IP) can be unblocked. It BotBanish unblocks the IP and the user has not fixed the issue, the IP is likely to get locked out again. This is usually the result of password brute force login attack which may not be intended but is very much real and must be dealt with by the user.

The main purpose of BotBanish is to provide protection from
Spammers, Denial Of Service (DOS) and Brute force login attacks.

  • Bot / User Being Denied Access to Your System and You Want It To Have Access

    Check your servers error log for entries. It will determine if a bot or user is actually being denied access to your system.
    If a bot / user is being denied access and you want to allow it access; there are a few ways to do this. You may need to do all of them.

    • Find the IP address of the entry in the root .htaccess then remove the deny from entry for that IP

    • Remove the IP address from the BotBanish table in your database (botbanishclient_ip).

    • Add the IP address to the BotBanish table (botbanishclient_ip_dnb). This will permanently allow the IP on your system even if the BotBanish server blocks it.

    • If the entry in your .htaccess file designates a bot by its User-Agent. You will need to remove the SetEnvIfNoCase entry that blocks that user-agent.

    • Add the bot user-agent information to the user-agent-part field of the BotBanish Spider Override table in the database (botbanishclient_spiders_bad).

  • Bot / User Having Access to Your System and You Want it to Stop

    This may occur if the BotBanish server has not yet locked out the IP or User-Agent. This can be due to a bot / user has not reached the BotBanish threshold to lock them out or BotBanish has determined that this is a good user /bot. The Client still has the option of locking the bot / user out if they so choose by one or more of the following:

    • Adding the IP to the BotBanish table (botbanishclient_ip).

    • Add a deny IP entry to the .htaccess file.

    • Add a SetEnvIfNoCase user-agent deny entry to the .htaccess file.

  • Overriding BotBanish Detection Mechanism

    https://randemsystems.support/botbanish-general-questions-report-bugs-problems-etc/overriding-botbanish-detections/

Print
Go Up Pages1
User actions