• We value your experience with Plesk during 2024
    Plesk strives to perform even better in 2025. To help us improve further, please answer a few questions about your experience with Plesk Obsidian 2024.
    Please take this short survey:
    https://pt-research.typeform.com/to/AmZvSXkx
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Bot protection blocks a bot I need

W

wl-mh

New Pleskian
Server operating system version
Ubuntu 20.04
Plesk version and microupdate number
18.0.62 Update #1
Hello

When the bot protection is enable (Wordpress -> Security -> Bot protection) the following lines are added to /var/www/vhosts/system/*/conf/nginx.conf

if ($http_user_agent ~* "(?:acunetix|BLEXBot|domaincrawler\.com|LinkpadBot|MJ12bot/v|majestic12\.co\.uk|AhrefsBot|TwengaBot|SemrushBot|nikto|winhttp|Xenu\s+Link\s+Sleuth|Baiduspider|HTTrack|clshttp|harvest|extract|grab|miner|python-requests)") {
return 403;
}

I would like to grand access MJ12bot, because this is the data bot for my SEO tool Mangools, but still block all of the other bots. How can I do that? Where is the list of "bad bots" defined? I haven't found it in the database and the file system till now.

Thanks!
 
There currently isn't any method to adjust the list of bots of the WP toolkit "Bot protection" option.

There is an request on our UserVoice page to implement this feature, which you can vote for. Features that become popular might be considered for implementation into Plesk.
plesk.uservoice.com

Bot protection in Wordpress Toolkit should include the option to exclude some bots

It should be possible to exclude some bots from "bot protection" option in Wordpress Toolkit, for example, Semrushbot is used for seo in sites, and it should remain active, or acunetix is a security scanner and users may want to use it, whlie blocking other unwanted bots.
plesk.uservoice.com
 
Ok, I can understand, that it is not customizable at the moment. But the current list must be defined on some place. Directly in the code?
 
Unfortunately it's not possible to adjust the list because it's hard coded.

What you can try as a workaround is to disabled the Bot protection option and instead add the same nginx directive to the "Additional nginx directives" of the domain (which can be found at the Hosting & DNS tab > Apache & nginx).

NGINX: 
if ($http_user_agent ~* "(?:acunetix|BLEXBot|domaincrawler\.com|LinkpadBot|majestic12\.co\.uk|AhrefsBot|TwengaBot|SemrushBot|nikto|winhttp|Xenu\s+Link\s+Sleuth|Baiduspider|HTTrack|clshttp|harvest|extract|grab|miner|python-requests)") {
return 403;
}
 
Sure, this will work. But then, I need to add this code to all Websites (a lot) of the server per hand and Plesk will show the Wordpress instance as unsecure, because the Bot protection is disabled.

An alternative is, to write a small script which do a search and replace in all /var/www/vhosts/system/*/conf/nginx.conf files and (in case at least one file was changed) do a NGINX reload. This script needs to run very 10 minutes or so via cron. This should work but it is a dirty hack.
 
You must log in or register to reply here.

Similar threads

T
Question Fail2ban trying to setup a rule to ban ai bots
Replies
4
Views
1K
Bitpalast
Bitpalast
IronDonDon
Plesk+LiteSpeedENT+WP Tookit rules
Replies
0
Views
1K
IronDonDon
IronDonDon
B
Forwarded to devs WordPress Toolkit brakes alle other Sites
Replies
3
Views
923
B4c4rd1
B
Back
Top