bad_bots.jpg If you look in your server logs you will probably see attempts by automated scripts (bots) to hack your site.

This applies to all sites, not just Joomla sites.

Most of these attempts will be futile, especially if you installed the latest updates, but it's better to be safe than sorry ...

While the Joomla core is generally secure and security holes are fixed quickly once discovered, third party extensions are another matter entirely. It's mostly the third party ( 3PO ) extensions that hackers try to exploit because the code is often less well written in terms of security.

The good news is these bots can be kicked off your site at the moment they try to connect by adding some directives to the .htaccess file.

The user agents listed are just for example, so you may want to add more agents or delete agents from this list.
Searching Google for bad bots can help you find new bots to block.

In my experience the libwww-perl agent is one of the most important to block.

########## start block bad bots
SetEnvIfNoCase User-Agent "^EmailSiphon" bad_bot
SetEnvIfNoCase User-Agent "^.*psycheclone" bad_bot
SetEnvIfNoCase User-Agent "^EmailWolf" bad_bot
SetEnvIfNoCase User-Agent "^ExtractorPro" bad_bot
SetEnvIfNoCase User-Agent "^CherryPicker" bad_bot
SetEnvIfNoCase User-Agent "^NICErsPRO" bad_bot
SetEnvIfNoCase User-Agent "^Teleport" bad_bot
SetEnvIfNoCase User-Agent "^EmailCollector" bad_bot
SetEnvIfNoCase User-Agent "^LinkWalker" bad_bot
SetEnvIfNoCase User-Agent "^Zeus" bad_bot
SetEnvIfNoCase User-Agent "^Mozilla.*NEWT" bad_bot
SetEnvIfNoCase User-Agent "^Crescent" bad_bot
SetEnvIfNoCase User-Agent "^[Ww]eb[Bb]andit" bad_bot
SetEnvIfNoCase User-Agent "^NICErsPRO" bad_bot
SetEnvIfNoCase User-Agent "^WebEMailExtrac.*" bad_bot
SetEnvIfNoCase User-Agent "^Microsoft.URL" bad_bot
SetEnvIfNoCase User-Agent "^Wget" bad_bot
SetEnvIfNoCase User-Agent "^DIIbot" bad_bot
SetEnvIfNoCase User-Agent "^sitecheck.internetseer.com" bad_bot
SetEnvIfNoCase User-Agent "^psbot" bad_bot
SetEnvIfNoCase User-Agent "^libwww-perl" bad_bot

<Limit GET POST>
Order Allow,Deny
Allow from all
Deny from env=bad_bot
</Limit>
########## end block bad bots

 

I also found a larger list of bad user agents here  

proudly-canadian-flag.gif
Best Canadian Web Host for Joomla



Joomla Web Hosting Canada RSS Feed