• Hi, Pleskians! We are running a UX testing of our upcoming product intended for server management and monitoring.
    We would like to invite you to have a call with us and have some fun checking our prototype. The agenda is pretty simple - we bring new design and some scenarios that you need to walk through and succeed. We will be watching and taking insights for further development of the design.
    If you would like to participate, please use this link to book a meeting. We will sent the link to the clickable prototype at the meeting.
  • Our UX team believes in the in the power of direct feedback and would like to invite you to participate in interviews, tests, and surveys.
    To stay in the loop and never miss an opportunity to share your thoughts, please subscribe to our UX research program. If you were previously part of the Plesk UX research program, please re-subscribe to continue receiving our invitations.
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.

Bot protection blocks a bot I need

W

wl-mh

New Pleskian
Server operating system version
Ubuntu 20.04
Plesk version and microupdate number
18.0.62 Update #1
Hello

When the bot protection is enable (Wordpress -> Security -> Bot protection) the following lines are added to /var/www/vhosts/system/*/conf/nginx.conf

if ($http_user_agent ~* "(?:acunetix|BLEXBot|domaincrawler\.com|LinkpadBot|MJ12bot/v|majestic12\.co\.uk|AhrefsBot|TwengaBot|SemrushBot|nikto|winhttp|Xenu\s+Link\s+Sleuth|Baiduspider|HTTrack|clshttp|harvest|extract|grab|miner|python-requests)") {
return 403;
}

I would like to grand access MJ12bot, because this is the data bot for my SEO tool Mangools, but still block all of the other bots. How can I do that? Where is the list of "bad bots" defined? I haven't found it in the database and the file system till now.

Thanks!
 
There currently isn't any method to adjust the list of bots of the WP toolkit "Bot protection" option.

There is an request on our UserVoice page to implement this feature, which you can vote for. Features that become popular might be considered for implementation into Plesk.
plesk.uservoice.com

Bot protection in Wordpress Toolkit should include the option to exclude some bots

It should be possible to exclude some bots from "bot protection" option in Wordpress Toolkit, for example, Semrushbot is used for seo in sites, and it should remain active, or acunetix is a security scanner and users may want to use it, whlie blocking other unwanted bots.
plesk.uservoice.com
 
Ok, I can understand, that it is not customizable at the moment. But the current list must be defined on some place. Directly in the code?
 
Unfortunately it's not possible to adjust the list because it's hard coded.

What you can try as a workaround is to disabled the Bot protection option and instead add the same nginx directive to the "Additional nginx directives" of the domain (which can be found at the Hosting & DNS tab > Apache & nginx).

NGINX: 
if ($http_user_agent ~* "(?:acunetix|BLEXBot|domaincrawler\.com|LinkpadBot|majestic12\.co\.uk|AhrefsBot|TwengaBot|SemrushBot|nikto|winhttp|Xenu\s+Link\s+Sleuth|Baiduspider|HTTrack|clshttp|harvest|extract|grab|miner|python-requests)") {
return 403;
}
 
Sure, this will work. But then, I need to add this code to all Websites (a lot) of the server per hand and Plesk will show the Wordpress instance as unsecure, because the Bot protection is disabled.

An alternative is, to write a small script which do a search and replace in all /var/www/vhosts/system/*/conf/nginx.conf files and (in case at least one file was changed) do a NGINX reload. This script needs to run very 10 minutes or so via cron. This should work but it is a dirty hack.
 
You must log in or register to reply here.

Similar threads

T
Question Fail2ban trying to setup a rule to ban ai bots
Replies
4
Views
2K
Bitpalast
Bitpalast
IronDonDon
Plesk+LiteSpeedENT+WP Tookit rules
Replies
0
Views
2K
IronDonDon
IronDonDon
B
Forwarded to devs WordPress Toolkit brakes alle other Sites
Replies
3
Views
1K
B4c4rd1
B
Back
Top