Black Friday Hosting Deals: 69% Off + Free Migration: Grab the Deal Grab It Now!
Black Friday Hosting Deals: 69% Off + Free Migration: Grab the Deal Grab It Now!
Cloud Hosting
VPS Hosting
GPU Cloud
Dedicated Server
Server Colocation
Backup as a Service
CDN Network
Window Cloud Hosting
Linux Cloud Hosting
Managed Cloud Service
Storage as a Service
VMware Public Cloud
Multi-Cloud Hosting
Cloud Server Hosting
Bare Metal Server
Virtual Machine
Magento Hosting
Remote Backup
DevOps
Kubernetes
Cloud Storage
NVMe Hosting
DR as s Service
API Gateway
As we live in a world that is highly reliant on the internet, it is important to ensure that the managing of websites has their security and performance in check. Cyberbots can be annoying, taking up bandwidth and scraping content; at times, they can conduct disruptive operations. For the issues with WHM/cPanel together with Apache, you have the necessary resources to address them effectively.
If you have ever wondered how to block these unwanted bots and keep your site secure and running as efficiently as possible, read this guide to find out.
Before diving into the technical details, it’s important to differentiate between good bots and bad bots:
Good Bots: These are genuine bots, such as Googlebot-Botcrawl and Bingbot, that assist in indexing your site.
Bad Bots: These include these often bothersome or invasive bots that scrawl, post spam or DDoS attacks on your server.
- Access to WHM/cPanel
- Basic Apache Configuration Knowledge
The first step in blocking bots is identifying them. Use your server logs or analytics tools to detect suspicious activities. Look for:
- Unusual patterns in traffic (e.g., many requests from a single IP address).
- Requests to non-existent pages.
- Excessive server load at odd hours.
You can also refer to publicly available lists of known bad bots.
The .htaccess file in your site's root directory allows you to control Apache configurations at the directory level. Here’s how you can block bots using .htaccess:
Access .htaccess:
Log in to your cPanel account.
Then click on File Manager.
Go to the root directory of your website (usually /public_html).
If .htaccess is not visible, enable the "Show Hidden Files" option.
Add Bot Blocking Rules: Open .htaccess and add rules to block bad bots. Here’s a sample code to block known bad bots by their user-agent strings:
apache
Copy code
RewriteEngine On
RewriteCond %{HTTP_USER_AGENT} (badbot1|badbot2|anotherbadbot) [NC]
RewriteRule .* - [F,L]
- Replace badbot1, badbot2, etc., with the user-agent strings of the bots you want to block.
- Save Changes: After adding the necessary rules, save the file. Your changes should take effect immediately.
If certain bots are coming from specific IP addresses, you can block those IPs directly using cPanel’s IP Deny Manager:
- Log in to cPanel
- Navigate to IP Deny Manager
- Add IPs to Block
- Review and Save
ModSecurity is a web application firewall that can help block bad bots based on various rules and patterns:
- Access ModSecurity:
- Log in to WHM.
- Navigate to Security Center and select ModSecurity Configuration.
- Enable and Configure: Ensure ModSecurity is enabled. You can configure specific rules or use pre-defined rules to block malicious bots.
- Update Rules: Regularly update your ruleset to stay protected against new threats.
To protect your forms from bot submissions, implement CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart):
- Choose a CAPTCHA Service: Popular choices include Google reCAPTCHA or hCaptcha.
- Integrate CAPTCHA: Follow the service's documentation to add CAPTCHA to your forms. This often involves adding a few lines of HTML and JavaScript to your form code.
- Test: Ensure the CAPTCHA works correctly and doesn’t hinder user experience.
Blocking bots is not a one-time task. Regularly monitor your server logs and update your .htaccess, ModSecurity rules, and IP blocks as necessary. Stay informed about new bot threats and adapt your strategies accordingly.
- Site Downtime: If your site goes down after updating .htaccess, check for syntax errors in the file. Restore the original file if necessary.
- Legitimate Traffic Blocked: Sometimes, legitimate users might be blocked. Ensure you review and test your blocking rules carefully.
- Performance Issues: Extensive rules in .htaccess can slow down your site. Consider using more efficient methods like IP-based blocking for high-traffic bots.
It therefore entails hardening by identifying threats and configuring. Apache mod_security can be used to block bad bots in WHM/cPanel from a number of basic steps. With .htaccess, through the control panel IP deny manager, engaging ModSecurity, and adding CAPTCHA will help increase security further. It is a must to manage and update the system frequently to ensure that the defence system is well implemented. If you follow the above-mentioned steps, your site stays protected and well undertaken by good bots, while the bad bots are completely discouraged.
Let’s talk about the future, and make it happen!
Pricing Calculator
Unlock Cost Optimization
Overview
Documentation
Price Calculator
Tools
FAQs
Terms of Service
Privacy Policy
Migration
Container
Power
Utilities
VMware Private Cloud
VMware on AWS
VMware on Azure
Certifications
Customers
Partners
Careers
Support
Service Level Agreement 
Contact
