• Our team is looking to connect with folks who use email services provided by Plesk, or a premium service. If you'd like to be part of the discovery process and share your experiences, we invite you to complete this short screening survey. If your responses match the persona we are looking for, you'll receive a link to schedule a call at your convenience. We look forward to hearing from you!
  • We are looking for U.S.-based freelancer or agency working with SEO or WordPress for a quick 30-min interviews to gather feedback on XOVI, a successful German SEO tool we’re looking to launch in the U.S.
    If you qualify and participate, you’ll receive a $30 Amazon gift card as a thank-you. Please apply here. Thanks for helping shape a better SEO product for agencies!
  • The BIND DNS server has already been deprecated and removed from Plesk for Windows.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS. We strongly recommend transitioning to Microsoft DNS within the next 6 weeks, before the Plesk 18.0.70 release.
  • The Horde component is removed from Plesk Installer. We recommend switching to another webmail software supported in Plesk.

Bot protection blocks a bot I need

wl-mh

New Pleskian
Server operating system version
Ubuntu 20.04
Plesk version and microupdate number
18.0.62 Update #1
Hello

When the bot protection is enable (Wordpress -> Security -> Bot protection) the following lines are added to /var/www/vhosts/system/*/conf/nginx.conf

if ($http_user_agent ~* "(?:acunetix|BLEXBot|domaincrawler\.com|LinkpadBot|MJ12bot/v|majestic12\.co\.uk|AhrefsBot|TwengaBot|SemrushBot|nikto|winhttp|Xenu\s+Link\s+Sleuth|Baiduspider|HTTrack|clshttp|harvest|extract|grab|miner|python-requests)") {
return 403;
}

I would like to grand access MJ12bot, because this is the data bot for my SEO tool Mangools, but still block all of the other bots. How can I do that? Where is the list of "bad bots" defined? I haven't found it in the database and the file system till now.

Thanks!
 
There currently isn't any method to adjust the list of bots of the WP toolkit "Bot protection" option.

There is an request on our UserVoice page to implement this feature, which you can vote for. Features that become popular might be considered for implementation into Plesk.
 
Ok, I can understand, that it is not customizable at the moment. But the current list must be defined on some place. Directly in the code?
 
Unfortunately it's not possible to adjust the list because it's hard coded.

What you can try as a workaround is to disabled the Bot protection option and instead add the same nginx directive to the "Additional nginx directives" of the domain (which can be found at the Hosting & DNS tab > Apache & nginx).

NGINX:
if ($http_user_agent ~* "(?:acunetix|BLEXBot|domaincrawler\.com|LinkpadBot|majestic12\.co\.uk|AhrefsBot|TwengaBot|SemrushBot|nikto|winhttp|Xenu\s+Link\s+Sleuth|Baiduspider|HTTrack|clshttp|harvest|extract|grab|miner|python-requests)") {
return 403;
}
 
Sure, this will work. But then, I need to add this code to all Websites (a lot) of the server per hand and Plesk will show the Wordpress instance as unsecure, because the Bot protection is disabled.

An alternative is, to write a small script which do a search and replace in all /var/www/vhosts/system/*/conf/nginx.conf files and (in case at least one file was changed) do a NGINX reload. This script needs to run very 10 minutes or so via cron. This should work but it is a dirty hack.
 
Back
Top