• Our team is looking to connect with folks who use email services provided by Plesk, or a premium service. If you'd like to be part of the discovery process and share your experiences, we invite you to complete this short screening survey. If your responses match the persona we are looking for, you'll receive a link to schedule a call at your convenience. We look forward to hearing from you!
  • We are looking for U.S.-based freelancer or agency working with SEO or WordPress for a quick 30-min interviews to gather feedback on XOVI, a successful German SEO tool we’re looking to launch in the U.S.
    If you qualify and participate, you’ll receive a $30 Amazon gift card as a thank-you. Please apply here. Thanks for helping shape a better SEO product for agencies!
  • The BIND DNS server has already been deprecated and removed from Plesk for Windows.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS. We strongly recommend transitioning to Microsoft DNS within the next 6 weeks, before the Plesk 18.0.70 release.
  • The Horde component is removed from Plesk Installer. We recommend switching to another webmail software supported in Plesk.

Question Firewall rule to block bots

S

SalvadorS

Regular Pleskian
Server operating system version
Debian 12
Plesk version and microupdate number
18.0.61
Hello Everybody,

We have a bot called claudebot who is hitting very hard a site. This bot has 1300+ different IPs, so my question is:

It is possible to block a bot in the plesk firewall by his name for example?

Something like if UserAgent contains claudebot then block.

Thank you in advance
 
Thank you. The articles are very interesting and I will test it.

Only one question, fail2ban an plesk firewall are compatibles?
 
Amazonbot is now in aggresive mode and it uses thousands ips to bypass fail2ban. In last 12 hours it has performed more than 200K request to one of my plesk servers.
 
I use nginx for all my sites.
I have a rule for those Bad Bots

if ($http_user_agent ~* Paqlebot|Censys|Claudebot|serpstatbot|curl|Headless|ZyBorg) {

return 444;
}
Click to expand...
444 response in nginx means nginx will throw away the connection ( not using anymore resources for that request )
That way ANYTHING that identifies as that bot in the user agent header will be blocked.

You will need to put this in the nginx rules section of the domains affected..
 
Esperio said:
I came to a solution for this. I´ve created a gist explaining the steps to follow to block server wide all the ai training bots that are eating all resources from server:

gist.github.com

Block AI Bots Server-wide in Plesk or ModSecurity-powered Servers

Block AI Bots Server-wide in Plesk or ModSecurity-powered Servers - block-ai-bots-server-wide.md
gist.github.com gist.github.com

Plesk: you can use it if you want, but please give credits
Click to expand...

This might be a bit more efficient, especially than using Fail2Ban which has to scan quite a few log files at scale (and there is a delay in looking at those). That script looks like it needs exact matches so it would be nice if it supported wildcard bot names.
 
To follow-up on this thread, here is a quick way to take advantage of the built-in Plesk plesk-modsecurity jail which might handle requests a bit faster than scanning individual fail2ban regex/domain logs for bad bots user agent matches.

First, build a file in a path such as /mycustomdata/modsecurity/banned-user-agents.txt and add some banned user agents, one per line (keep in mind that this is both case insensitive and also finds any banned-user-agents.txt sub-string match in the browser's user agent). For example, a line in banned-user-agents.txt that contains "bad pleskybot" would match a user agent "A bad pleskybot 2.0" but not "bad plesky".

Now add this to your ModSecurity > Settings > Custom directives textarea:

# Block bots by User-Agent
SecRule REQUEST_HEADERS:User-Agent "@pmFromFile /mycustomdata/modsecurity/banned-user-agents.txt" "phase:1,id:100002,deny,status:403,t:none,log,msg:'Found User-Agent associated with security scanner',logdata:'Matched Data: illegal User-Agent found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}'
Click to expand...

This approach immediately drops the request (via deny), returns a 403 header to the requestor, and logs it.
 
You must log in or register to reply here.

Similar threads

S
Resolved Problem tuning fail2ban
Replies
5
Views
10K
nisamudeen97
nisamudeen97
T
Issue Unbanning some IP addresses causes the server to be unresponsive
Replies
4
Views
958
TurabG
T
T
Question Fail2ban trying to setup a rule to ban ai bots
Replies
4
Views
3K
Bitpalast
Bitpalast
S
Question Rule to block in plesk firewall all traffic from ports that plesk does not use?
Replies
4
Views
974
SalvadorS
S
S
Issue Need Help Whitelisting GTM Noscript in Comodo WAF Rule 214540 on Plesk
Replies
1
Views
278
alvarezcruz
alvarezcruz
Back
Top