Understanding BotBanish's Rules and Operations

Started by Randem, June 09, 2024, 06:01:26 PM


Randem

BotBanish will lock IP addresses out for the following indiscretions which are determined to be bot activity:

  • Attempting to log in too many times. This has a user-defined value; the default is 30.

  • Auto filling of registration page information. This is how some bots will attack systems to gain access. Some user extensions that auto fill page entries may trigger this also.

  • Bad or empty user-agent information.

  • Repeated attempts to access the system very quickly in short succession; the default is 30.

  • Fake email addresses that are found in our database or dynamically determined to be fake.

  • User or bot attempting to spoof a known good bot.

  • User coming from a bad, invalid or blacklisted domain, URL, IP address or country.

  • Multiple IPs coming from the same segment searching for content; the default is 25.

  • IPs with no associated domain.
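As an added illustration of how several of the rules above can be evaluated (this is example code written for this thread, not BotBanish's own implementation), the script below replays constructed web-server events and flags an address when it exceeds the quoted defaults: more than 30 login attempts, more than 30 requests in a short burst, an empty user-agent, or more than 25 distinct addresses in one segment. The burst window of 10 seconds and the choice of a /24 as a "segment" are assumptions the post does not state; the `action=login2` path is SMF's login form target; all addresses come from the documentation ranges.

```python
from collections import defaultdict
from dataclasses import dataclass
from ipaddress import ip_interface

MAX_LOGIN_ATTEMPTS = 30      # "Attempting to log in too many times", default 30
MAX_RAPID_REQUESTS = 30      # "Repeated attempts ... in short succession", default 30
MAX_IPS_PER_SEGMENT = 25     # "Multiple IPs coming from the same segment", default 25
RAPID_WINDOW_SECONDS = 10    # assumption: the post gives no window length
SEGMENT_PREFIX = 24          # assumption: treat a /24 as one "segment"


@dataclass(frozen=True)
class Event:
    ts: float          # seconds since epoch
    ip: str
    path: str
    user_agent: str


def segment_of(ip: str) -> str:
    """Network the address belongs to, e.g. 203.0.113.10 -> 203.0.113.0/24."""
    return str(ip_interface(f"{ip}/{SEGMENT_PREFIX}").network)


def is_login_attempt(path: str) -> bool:
    # SMF posts its login form to index.php?action=login2
    return "action=login2" in path


def rapid_burst(timestamps, limit, window):
    """True if more than `limit` events fall inside any `window`-second span."""
    ts = sorted(timestamps)
    lo = 0
    for hi in range(len(ts)):
        while ts[hi] - ts[lo] > window:
            lo += 1
        if hi - lo + 1 > limit:
            return True
    return False


def evaluate(events):
    """Return {ip: sorted list of rule names that fired for that address}."""
    by_ip = defaultdict(list)
    for e in events:
        by_ip[e.ip].append(e)

    reasons = defaultdict(set)
    for ip, evs in by_ip.items():
        if sum(is_login_attempt(e.path) for e in evs) > MAX_LOGIN_ATTEMPTS:
            reasons[ip].add("login_attempts")
        if rapid_burst([e.ts for e in evs], MAX_RAPID_REQUESTS, RAPID_WINDOW_SECONDS):
            reasons[ip].add("rapid_requests")
        if any(not e.user_agent.strip() for e in evs):
            reasons[ip].add("empty_user_agent")

    # Segment rule is cross-address: count distinct hosts per network
    seg_ips = defaultdict(set)
    for ip in by_ip:
        seg_ips[segment_of(ip)].add(ip)
    for ips in seg_ips.values():
        if len(ips) > MAX_IPS_PER_SEGMENT:
            for ip in ips:
                reasons[ip].add("segment_scan")

    return {ip: sorted(r) for ip, r in reasons.items()}


def sample_events():
    """Constructed traffic using documentation address ranges, not real logs."""
    ev = []
    # 31 login posts from one address, ten seconds apart
    ev += [Event(1000 + i * 10, "203.0.113.10", "/index.php?action=login2", "Mozilla/5.0")
           for i in range(31)]
    # 31 page hits inside nine seconds from another address
    ev += [Event(2000 + i * 0.3, "203.0.113.20", "/index.php?board=1.0", "Mozilla/5.0")
           for i in range(31)]
    # one request that sends no user-agent at all
    ev.append(Event(3000, "203.0.113.30", "/index.php", ""))
    # 26 distinct hosts in 198.51.100.0/24 each fetching one topic
    ev += [Event(4000 + i, f"198.51.100.{i + 1}", f"/index.php?topic={i}.0", "Mozilla/5.0")
           for i in range(26)]
    # an ordinary visitor that must not be flagged
    ev += [Event(5000 + i * 30, "192.0.2.7", "/index.php?board=2.0", "Mozilla/5.0")
           for i in range(5)]
    return ev


if __name__ == "__main__":
    for ip, why in sorted(evaluate(sample_events()).items()):
        print(ip, why)
```

The segment rule is the one to watch when tuning: every address in the network is flagged once the count is crossed, so a shared carrier NAT or a corporate proxy range can trip it with legitimate users, which is why the post notes that the threshold is user-configurable.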


Randem

The usage of BotBanish can be confusing without knowing how it works. We will attempt to explain some basic do's and don'ts. The difference between being "Locked Out" and being "Blocked" is as follows. A lockout occurs in BotBanish when BotBanish determines an IP address is behaving like a bot. The IP address is redirected to a Google Search Page. A "blocked" IP address never gets access to the system because it is blocked in the .htaccess file and does not get the chance to abuse the system. This will be redirected to an Apache error document page. NGINX does not use an .htaccess file, but Apache with an NGINX cache proxy does.

BotBanish will lock out IP addresses using the following Document Errors:

400 - Bad Request

The HyperText Transfer Protocol (HTTP) 400 Bad Request response status code indicates that the server cannot or will not process the request due to something that is perceived to be a client error (for example, malformed request syntax, invalid request message framing, or deceptive request routing).

401 - Unauthorized

The HyperText Transfer Protocol (HTTP) 401 Unauthorized response status code indicates that the client request has not been completed because it lacks valid authentication credentials for the requested resource.

This status code is sent with an HTTP WWW-Authenticate response header that contains information on how the client can request the resource again after prompting the user for authentication credentials.

404 - Not Found

The HTTP 404 Not Found response status code indicates that the server cannot find the requested resource. Links that lead to a 404 page are often called broken or dead links and can be subject to link rot.

A 404 status code only indicates that the resource is missing: not whether the absence is temporary or permanent.

405 - Method Not Allowed

The HyperText Transfer Protocol (HTTP) 405 Method Not Allowed response status code indicates that the server knows the request method, but the target resource doesn't support this method.

The server must generate an Allow header field in a 405 status code response. The field must contain a list of methods that the target resource currently supports.

406 - Not Acceptable

The HyperText Transfer Protocol (HTTP) 406 Not Acceptable client error response code indicates that the server cannot produce a response matching the list of acceptable values defined in the request's proactive content negotiation headers, and that the server is unwilling to supply a default representation.

BotBanish will Block IP addresses using the following Document Error:

410 - Gone

The HyperText Transfer Protocol (HTTP) 410 Gone client error response code indicates that access to the target resource is no longer available at the origin server and that this condition is likely to be permanent.

These conditions are the defaults that BotBanish places in the .htaccess file. BotBanish places this protection in the .htaccess file.