Closed respbuy closed 4 months ago
Thanks Mitchel for the quick commit. I see you have added " BrowserMatchNoCase "(?:\b)axios(?:\b)" bad_bot " in globalconfig file. I did the same in useragent blacklist file but it didnt work. Just fyi, are you sure if this will work?
Thanks Mitchel for the quick commit. I see you have added " BrowserMatchNoCase "(?:\b)axios(?:\b)" bad_bot " in globalconfig file. I did the same in useragent blacklist file but it didnt work. Just fyi, are you sure if this will work?
It should work as we match without any numbers on the end which inevitably change all the time. Please test and confirm and let me know.
Hello Mitchell
It is not working, i am still getting flood , see below: 13.201.19.39 - - [02/Mar/2024:06:15:30 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 610 "https://respbuy.com/my-account/" "axios/1.6.7" 13.201.19.39 - - [02/Mar/2024:06:15:31 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 3676 "https://respbuy.com/my-account/" "axios/1.6.7" 13.201.19.39 - - [02/Mar/2024:06:15:31 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 3676 "https://respbuy.com/my-account/" "axios/1.6.7" 13.201.19.39 - - [02/Mar/2024:06:15:31 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 3676 "https://respbuy.com/my-account/" "axios/1.6.7" 13.201.19.39 - - [02/Mar/2024:06:15:31 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 3676 "https://respbuy.com/my-account/" "axios/1.6.7" 13.201.19.39 - - [02/Mar/2024:06:15:31 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 610 "https://respbuy.com/my-account/" "axios/1.6.7" 13.201.19.39 - - [02/Mar/2024:06:15:32 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 3676 "https://respbuy.com/my-account/" "axios/1.6.7" 13.201.19.39 - - [02/Mar/2024:06:15:32 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 610 "https://respbuy.com/my-account/" "axios/1.6.7" 13.201.19.39 - - [02/Mar/2024:06:15:33 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 3676 "https://respbuy.com/my-account/" "axios/1.6.7" 13.201.19.39 - - [02/Mar/2024:06:15:33 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 3676 "https://respbuy.com/my-account/" "axios/1.6.7" 13.201.19.39 - - [02/Mar/2024:06:15:33 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 3676 "https://respbuy.com/my-account/" "axios/1.6.7"
RespBuy
Have you tested other agents in my lists to see it's catching them?
curl -A "Discobot" http://yourdomain.com
curl -A "Octopus" http://yourdomain.com
Also scan your logs for all "403" errors to see others are being caught and if it's only axios that's not
Please see below the curl outcome.
root@respbuy-mumbai:~# curl -A "Discobot" https://respbuy.com <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
You don't have permission to access this resource.
root@respbuy-mumbai:~# curl -A "Octopus" https://respbuy.comYou don't have permission to access this resource.
RespBuy
Respbuy is the largest online store for medical equipment, products, supplies, and medical devices. Genuine Price | Warranty | Free Shipping*
I added two new tests to the build script and it is blocking it in both forms
<title>403 Forbidden</title>
<h1>Forbidden</h1>
PASSED - AXIOS BAD BOT DETECTED
<title>403 Forbidden</title>
<h1>Forbidden</h1>
PASSED - AXIOS BAD BOT DETECTED
the tests
run_curltest13 () {
if curl -A "axios" http://localhost:80/index.html 2>&1 | grep -i 'Forbidden'; then
echo "${bold}${green}PASSED - ${red}AXIOS BAD BOT DETECTED"
else
echo "${bold}${red}FAILED - ${red}AXIOS BAD BOT NOT DETECTED"
exit 1
fi
}
run_curltest14 () {
if curl -A "axios/1.6.7" http://localhost:80/index.html 2>&1 | grep -i 'Forbidden'; then
echo "${bold}${green}PASSED - ${red}AXIOS BAD BOT DETECTED"
else
echo "${bold}${red}FAILED - ${red}AXIOS BAD BOT NOT DETECTED"
exit 1
fi
}
Thanks Mitchel for the quick commit. I see you have added " BrowserMatchNoCase "(?:\b)axios(?:\b)" bad_bot " in globalconfig file. I did the same in useragent blacklist file but it didnt work. Just fyi, are you sure if this will work?
Remove them from any other include files and just leave the one that is now in globalblacklist.conf
Please see below the curl outcome.
root@respbuy-mumbai:~# curl -A "Discobot" https://respbuy.com
403 Forbidden Forbidden
You don't have permission to access this resource.
root@respbuy-mumbai:~# curl -A "Octopus" https://respbuy.com
403 Forbidden Forbidden
You don't have permission to access this resource.
RespBuyRespbuy - Online Store for Medical Equipment & AccessoriesRespbuy is the largest online store for medical equipment, products, supplies, and medical devices. Genuine Price | Warranty | Free Shipping*
My test
curl -A "axios" https://respbuy.com
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>403 Forbidden</title>
</head><body>
<h1>Forbidden</h1>
<p>You don't have permission to access this resource.</p>
</body></html>
RespBuy
Respbuy is the largest online store for medical equipment, products, supplies, and medical devices. Genuine Price | Warranty | Free Shipping*
Ok, I have now removed the config from other file (blacklist-user-agents.conf). Let me test and come back.
Seems fine from my side
$ curl -A "axios" https://respbuy.com
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>403 Forbidden</title>
</head><body>
<h1>Forbidden</h1>
<p>You don't have permission to access this resource.</p>
</body></html>
$ curl -A "axios/1.6.7" https://respbuy.com
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>403 Forbidden</title>
</head><body>
<h1>Forbidden</h1>
<p>You don't have permission to access this resource.</p>
</body></html>
$ curl -A "axios/1.6.7.10.22.555" https://respbuy.com
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>403 Forbidden</title>
</head><body>
<h1>Forbidden</h1>
<p>You don't have permission to access this resource.</p>
</body></html>
Thanks for checking but i still see many floods in access.log
13.232.155.149 - - [02/Mar/2024:07:18:55 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 610 "https://respbuy.com/my-account/" "axios/1.6.7" 13.232.155.149 - - [02/Mar/2024:07:18:57 +0000] "GET /product/respbuy-xzgkrasuowwrs/ HTTP/1.1" 403 428 "-" "axios/1.6.7" 13.232.155.149 - - [02/Mar/2024:07:18:56 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 610 "https://respbuy.com/my-account/" "axios/1.6.7" 13.232.155.149 - - [02/Mar/2024:07:18:58 +0000] "GET /product/respbuy-ajynkafxhsdqebframysqmkjqlwoplcggdjlwihmqyjbu/ HTTP/1.1" 403 428 "-" "axios/1.6.7" 13.232.155.149 - - [02/Mar/2024:07:18:57 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 610 "https://respbuy.com/my-account/" "axios/1.6.7" 13.232.155.149 - - [02/Mar/2024:07:18:59 +0000] "GET /product/respbuy-wltjhvzzxloibakyknkuxdm/ HTTP/1.1" 403 428 "-" "axios/1.6.7" 13.232.155.149 - - [02/Mar/2024:07:18:58 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 610 "https://respbuy.com/my-account/" "axios/1.6.7" 13.232.155.149 - - [02/Mar/2024:07:19:00 +0000] "GET /product/respbuy-udmtpldzacpnccqqdzsyjpvzoffbnhprhecxuz/ HTTP/1.1" 403 428 "-" "axios/1.6.7" 13.232.155.149 - - [02/Mar/2024:07:18:59 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 610 "https://respbuy.com/my-account/" "axios/1.6.7" 13.232.155.149 - - [02/Mar/2024:07:19:01 +0000] "GET /product/respbuy-qqbuzoohjfvxjpgdzdianjikqzgnoeiwzuysvugtzesxpvfbq/ HTTP/1.1" 403 428 "-" "axios/1.6.7" 13.232.155.149 - - [02/Mar/2024:07:19:00 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 610 "https://respbuy.com/my-account/" "axios/1.6.7" 13.232.155.149 - - [02/Mar/2024:07:19:02 +0000] "GET /product/respbuy-yjoawbruscdpftohzuzkunb/ HTTP/1.1" 403 428 "-" "axios/1.6.7" 13.232.155.149 - - [02/Mar/2024:07:19:01 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 610 "https://respbuy.com/my-account/" "axios/1.6.7" 13.232.155.149 - - [02/Mar/2024:07:19:02 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 610 "https://respbuy.com/my-account/" "axios/1.6.7" 43.204.218.232 - - [02/Mar/2024:07:21:12 +0000] "GET /product/respbuy-cjgrywfvcxffnrdwjhnhtssuppafdnhevekfbupwastrvnonzhyspvzbcwnllgzokwavftgvluxwqhlclaffywrmow/ HTTP/1.1" 403 3494 "-" "axios/1.6.7" 43.204.218.232 - - [02/Mar/2024:07:21:12 +0000] "GET /product/respbuy-krxclwemuiftnyrahtfnydpztlfvxoqimrmpgrjwibazrf/ HTTP/1.1" 403 3494 "-" "axios/1.6.7" 43.204.218.232 - - [02/Mar/2024:07:21:13 +0000] "GET /product/respbuy-uwidfhbmxnqlqm/ HTTP/1.1" 403 3494 "-" "axios/1.6.7" 43.204.218.232 - - [02/Mar/2024:07:21:12 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 610 "https://respbuy.com/my-account/" "axios/1.6.7" 43.204.218.232 - - [02/Mar/2024:07:21:14 +0000] "GET /product/respbuy-tjrgybszkalojgdlnczpebhawdjwtkbjvywcpujhqozneqjcrnylkvurxtmbygzhvlifikkmrim/ HTTP/1.1" 403 428 "-" "axios/1.6.7" 43.204.218.232 - - [02/Mar/2024:07:21:13 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 610 "https://respbuy.com/my-account/" "axios/1.6.7" 43.204.218.232 - - [02/Mar/2024:07:21:12 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 3676 "https://respbuy.com/my-account/" "axios/1.6.7" 43.204.218.232 - - [02/Mar/2024:07:21:15 +0000] "GET /product/respbuy-bvvnuwwocbjbfpkjtpvzmwhxvthgjcltrmwjbvasvzvktcdveoqeicifboszlbyxonzsjdzf/ HTTP/1.1" 403 428 "-" "axios/1.6.7" 43.204.218.232 - - [02/Mar/2024:07:21:14 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 610 "https://respbuy.com/my-account/" "axios/1.6.7" 43.204.218.232 - - [02/Mar/2024:07:21:16 +0000] "GET /product/respbuy-zsfeiqqqjibohbnvquoonfbxywgmkdgzygogawynccoxkaqcrdofzxqwloepaxq/ HTTP/1.1" 403 428 "-" "axios/1.6.7" 43.204.218.232 - - [02/Mar/2024:07:21:15 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 610 "https://respbuy.com/my-account/" "axios/1.6.7" 43.204.218.232 - - [02/Mar/2024:07:21:17 +0000] "GET /product/respbuy-ztcrohytinytqyopedhaiohsawpobzpgqjnzukwppknxahbayidwhmaddzlcehpwwsklqbkugke/ HTTP/1.1" 403 428 "-" "axios/1.6.7" 43.204.218.232 - - [02/Mar/2024:07:21:16 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 610 "https://respbuy.com/my-account/" "axios/1.6.7"
RespBuy
Thanks for checking but i still see many floods in access.log
13.232.155.149 - - [02/Mar/2024:07:18:55 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 610 "https://respbuy.com/my-account/" "axios/1.6.7" 13.232.155.149 - - [02/Mar/2024:07:18:57 +0000] "GET /product/respbuy-xzgkrasuowwrs/ HTTP/1.1" 403 428 "-" "axios/1.6.7" 13.232.155.149 - - [02/Mar/2024:07:18:56 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 610 "https://respbuy.com/my-account/" "axios/1.6.7" 13.232.155.149 - - [02/Mar/2024:07:18:58 +0000] "GET /product/respbuy-ajynkafxhsdqebframysqmkjqlwoplcggdjlwihmqyjbu/ HTTP/1.1" 403 428 "-" "axios/1.6.7" 13.232.155.149 - - [02/Mar/2024:07:18:57 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 610 "https://respbuy.com/my-account/" "axios/1.6.7" 13.232.155.149 - - [02/Mar/2024:07:18:59 +0000] "GET /product/respbuy-wltjhvzzxloibakyknkuxdm/ HTTP/1.1" 403 428 "-" "axios/1.6.7" 13.232.155.149 - - [02/Mar/2024:07:18:58 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 610 "https://respbuy.com/my-account/" "axios/1.6.7" 13.232.155.149 - - [02/Mar/2024:07:19:00 +0000] "GET /product/respbuy-udmtpldzacpnccqqdzsyjpvzoffbnhprhecxuz/ HTTP/1.1" 403 428 "-" "axios/1.6.7" 13.232.155.149 - - [02/Mar/2024:07:18:59 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 610 "https://respbuy.com/my-account/" "axios/1.6.7" 13.232.155.149 - - [02/Mar/2024:07:19:01 +0000] "GET /product/respbuy-qqbuzoohjfvxjpgdzdianjikqzgnoeiwzuysvugtzesxpvfbq/ HTTP/1.1" 403 428 "-" "axios/1.6.7" 13.232.155.149 - - [02/Mar/2024:07:19:00 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 610 "https://respbuy.com/my-account/" "axios/1.6.7" 13.232.155.149 - - [02/Mar/2024:07:19:02 +0000] "GET /product/respbuy-yjoawbruscdpftohzuzkunb/ HTTP/1.1" 403 428 "-" "axios/1.6.7" 13.232.155.149 - - [02/Mar/2024:07:19:01 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 610 "https://respbuy.com/my-account/" "axios/1.6.7" 13.232.155.149 - - [02/Mar/2024:07:19:02 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 610 "https://respbuy.com/my-account/" "axios/1.6.7" 43.204.218.232 - - [02/Mar/2024:07:21:12 +0000] "GET /product/respbuy-cjgrywfvcxffnrdwjhnhtssuppafdnhevekfbupwastrvnonzhyspvzbcwnllgzokwavftgvluxwqhlclaffywrmow/ HTTP/1.1" 403 3494 "-" "axios/1.6.7" 43.204.218.232 - - [02/Mar/2024:07:21:12 +0000] "GET /product/respbuy-krxclwemuiftnyrahtfnydpztlfvxoqimrmpgrjwibazrf/ HTTP/1.1" 403 3494 "-" "axios/1.6.7" 43.204.218.232 - - [02/Mar/2024:07:21:13 +0000] "GET /product/respbuy-uwidfhbmxnqlqm/ HTTP/1.1" 403 3494 "-" "axios/1.6.7" 43.204.218.232 - - [02/Mar/2024:07:21:12 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 610 "https://respbuy.com/my-account/" "axios/1.6.7" 43.204.218.232 - - [02/Mar/2024:07:21:14 +0000] "GET /product/respbuy-tjrgybszkalojgdlnczpebhawdjwtkbjvywcpujhqozneqjcrnylkvurxtmbygzhvlifikkmrim/ HTTP/1.1" 403 428 "-" "axios/1.6.7" 43.204.218.232 - - [02/Mar/2024:07:21:13 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 610 "https://respbuy.com/my-account/" "axios/1.6.7" 43.204.218.232 - - [02/Mar/2024:07:21:12 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 3676 "https://respbuy.com/my-account/" "axios/1.6.7" 43.204.218.232 - - [02/Mar/2024:07:21:15 +0000] "GET /product/respbuy-bvvnuwwocbjbfpkjtpvzmwhxvthgjcltrmwjbvasvzvktcdveoqeicifboszlbyxonzsjdzf/ HTTP/1.1" 403 428 "-" "axios/1.6.7" 43.204.218.232 - - [02/Mar/2024:07:21:14 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 610 "https://respbuy.com/my-account/" "axios/1.6.7" 43.204.218.232 - - [02/Mar/2024:07:21:16 +0000] "GET /product/respbuy-zsfeiqqqjibohbnvquoonfbxywgmkdgzygogawynccoxkaqcrdofzxqwloepaxq/ HTTP/1.1" 403 428 "-" "axios/1.6.7" 43.204.218.232 - - [02/Mar/2024:07:21:15 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 610 "https://respbuy.com/my-account/" "axios/1.6.7" 43.204.218.232 - - [02/Mar/2024:07:21:17 +0000] "GET /product/respbuy-ztcrohytinytqyopedhaiohsawpobzpgqjnzukwppknxahbayidwhmaddzlcehpwwsklqbkugke/ HTTP/1.1" 403 428 "-" "axios/1.6.7" 43.204.218.232 - - [02/Mar/2024:07:21:16 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 610 "https://respbuy.com/my-account/" "axios/1.6.7"
RespBuyMy account - RespBuy
Its blocking the GET requests not the POST requests to admin-ajax.php
43.204.218.232 - - [02/Mar/2024:07:21:16 +0000] "**GET** /product/respbuy-zsfeiqqqjibohbnvquoonfbxywgmkdgzygogawynccoxkaqcrdofzxqwloepaxq/ HTTP/1.1" **403** 428 "-" "axios/1.6.7"
43.204.218.232 - - [02/Mar/2024:07:21:15 +0000] "**POST** /wp-admin/admin-ajax.php HTTP/1.1" **200** 610 "https://respbuy.com/my-account/" "axios/1.6.7"
You will need to figure out an .htaccess rule to block access to admin-ajax.php or only allow your own / local IP's to access it. I can't add that kind of blocking to the blocker as it will be undesirable for many
RespBuy
We use axios to fetch data from our headless WordPress instances in Nuxt.
Is there potential to add a whitelist for UA's?
We use axios to fetch data from our headless WordPress instances in Nuxt.
Is there potential to add a whitelist for UA's?
Please add axios to https://github.com/mitchellkrogza/apache-ultimate-bad-bot-blocker/blob/master/Apache_2.4/custom.d/blacklist-user-agents.conf
This file is both a black & whitelist for users to add their own, it will override the globalblacklist.conf Once added reload apache, test and let me know if resolved.
Hi Mitchell, Though i see 403 for this UA, however its still eating up server resources to 100%, specially memory.
Hi Mitchell, Though i see 403 for this UA, however its still eating up server resources to 100%, specially memory.
That's because it's abusing your admin-ajax.php and overloading your server. Try block all outside access to admin-ajax.php and only allow your local server IP and your own IP access. You will need to Google for a fix to that. Alternatively block their IP in the custom include file for IP's and keep adding new ones as they change them.
We use axios to fetch data from our headless WordPress instances in Nuxt.
Is there potential to add a whitelist for UA's?
Any update?
Axios has been removed from the globalblacklist due to complaints. It is a popular nodejs library. You will need to block it in your own custom blacklist, instead.
addition as a bad bot..
Started since yesterday.. nasty one.. coming up with dynamic ips (approx 250 ips noted till now)
access.log prints: 13.233.254.45 - - [02/Mar/2024:04:35:25 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 610 "https://respbuy.com/my-account/" "axios/1.6.7" 13.233.254.45 - - [02/Mar/2024:04:35:27 +0000] "GET /product/respbuy-utbjmmtrjhbtlnbxbcrdxmqbllvacwtms/ HTTP/1.1" 403 428 "-" "axios/1.6.7" 13.233.254.45 - - [02/Mar/2024:04:35:26 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 610 "https://respbuy.com/my-account/" "axios/1.6.7" 13.233.254.45 - - [02/Mar/2024:04:35:28 +0000] "GET /product/respbuy-neexvvpqzhawnpoofmcjnopwwwwtxttykzbqqxypkjrhkymurisdyrsrrrvpurdwxyndseeoteyt/ HTTP/1.1" 403 428 "-" "axios/1.6.7"
eats up entire sever memory in second by the DDoS attack.