![[ Black Hole ]](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_vm_FiIF7I3oW3H-lU73t4nLBap64CYQpmulJchROgT5oY5XK4GGoqdRiCjAkeM7oTcA0Zhk_caU6OUU0-eVAAPjIIOEpadqU4RGmKjtcLCr4gO73gjVxtOdFJ4SVAnU-oS3DjxB17cpOf3JQg9f3o=s0-d)
robots.txt-forbidden directory somewhere on your pages. Bots that ignore or disobey your robots rules will crawl the link and fall into the trap, which then performs a WHOIS Lookupand records the event in the blackhole data file. Once added to the blacklist data file, bad bots immediately are denied access to your site. I call it the “one-strike” rule: bots have one chance to follow the robots.txt protocol, check the site’s robots.txt file, and obey its directives. Failure to comply results in immediate banishment. The best part is that the Blackhole only affectsbad bots: normal users never see the hidden link, and good bots obey the robots rules in the first place.![[ Blackhole Directory with Files ]](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_tEdKDVlY3S59sHUXVz83ydeOwH4G3Pmj5YWK1j8zpMkRLQnOAId5aeG7VwZx9vTGKRER8gM_U2AewUMCnjnoeewdZryzxnykQma4ZjMEps7yKrdGdJdYMohErBUkHM8xnSvp6Gaxlm48Oek8IWa9U=s0-d)
.htaccess to protect the blackhole directory. The blackhole script combines heavily modified versions of the Kloth.net script (for the bot trap) and the Network Query Tool (for the whois lookups) (404 link removed 2012/07/08). Refined over the years and completely revamped for this tutorial, the Blackhole consists of a single plug-&-play directory that contains the following four files:These four files are all contained in a single directory named “
blackhole”.Installation Overview
I set things up to make implementation as easy as possible. Here are the five basic steps:It’s that easy to install on your own site, but there are many ways to customize functionality. For complete instructions, jump ahead to Implementation and Configuration. For now, I think a good way to understand how it works is to check out a demo..
One-time Live Demo
I have set up a working demo of the Blackhole for this tutorial. It works exactly like the download version, but it’s configured to block you only from the demo, not from the entire site. Here’s how it works:So you get one chance to see how it works. Once you visit, your IP will be blocked from the demo only – you will still have full access to this tutorial (and everything else). That said, here is the demo link: Blackhole Demo. Visit once to see the Blackhole trap, and then again to observe that you’ve been blocked. If I were to include the
blackhole.php in the header of my theme files, you would be banned from pretty much the entire site.Implementation and Configuration
Here are complete instructions for implementing and configuring the Perishable Press Blackhole:Step 1: Download the Blackhole zip file, unzip and upload to your site’s root directory. This location is not required, but it enables everything to work out of the box. To use a different location, edit the
include path in Step 3.Step 2: Change file permissions for
blackhole.dat to make it writable by the server. The permission settings may vary depending on server configuration. If you are unsure about this, ask your host. Note that the blackhole script needs to be able to read, write, and execute theblackhole.dat file.Step 3: Include the bot-check script by adding the following line to the top of your pages:
<?php include($_SERVER['DOCUMENT_ROOT'] . "/blackhole/blackhole.php"); ?>blackhole.php script checks the request IP against the blacklist data file. If a match is found, the request is blocked with a customizable message. See the source code for more information.Step 4: Include a hidden link to the
/blackhole/ directory in the footer of your pages:<a style="display:none;" href="http://example.com/blackhole/" rel="nofollow">Do NOT follow this link or you will be banned from the site!</a>Step 5: Finally, add a
Disallow directive to your site’s robots.txt file:User-agent: *
Disallow: /blackhole//blackhole/directory or anything inside of it.” More on this in the next section..Further customization: The previous five steps will get the Blackhole working, but there are some details that you’ll want to customize:
These are the recommended changes, but the PHP is clean and generates valid HTML5, so feel free to modify the source code as needed. Note that beyond these three items, no other edits need made.
Caveat Emptor
Blocking bots is serious business. Good bots obeyrobots.txt rules, but there may be potentially useful bots that do not. Yahoo is the perfect example: it’s a valid search engine that sends some traffic, but sadly the Yahoo Slurp bot is too stupid to follow the rules. Since setting up the Blackhole several years ago, I’ve seen Slurp disobey robots rules hundreds of times. robots.txt directives. Proceed accordingly.Whitelisting Search Bots
Initially, the Blackhole blocked any bot that disobeyed therobots.txt directives. Unfortunately, as discussed in the comments, Googlebot, Yahoo, and other major search bots do not always obey robots rules. And while blocking Yahoo! Slurp is debatable, blocking Google, MSN/Bing, et al would just be dumb. Thus, the Blackhole now “whitelists” any user agent identifying as any of the following:Whitelisting these user agents ensures that anything claiming to be a major search engine is allowed open access. The downside is that user-agent strings are easily spoofed, so a bad bot could crawl along and say, “hey look, I’m teh Googlebot!” and the whitelist would grant access. It ispossible to verify the true identity of each bot, but as X3M explains in the comments, doing so consumes significant resources and could overload the server. Avoiding that scenario, the Blackhole errs on the side of caution: it’s better to allow a few spoofs than to block any of the major search engines.
License and Disclaimer
The Perishable Press Blackhole is released under GNU General Public License. Check the Creative Commons for a summary and/or see the Blackhole source code for additional information. Also note that by downloading the Blackhole, you agree to accept full responsibility for its use. In no way shall the author be held accountable for anything that happens after the file has been downloaded.Blackhole Download
Here you can download the current version of the Blackhole:Blackhole – Version 2.0 (5 kB zip)
0 comments:
Post a Comment