Home/ Questions/Q 8729387
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-13T08:49:27+00:00

I have a bot that is trying to access my site by entering what

  • 0

I have a bot that is trying to access my site by entering what appear to be keywords or passcodes. The entries come from dozens of different IPs and locations, so I can’t block via IP, location, or referrer.

The bot attempts to visit a page like this:

http://www.website.com/valid-page/?kwd=du2c3m

Always in this format and the ‘valid-page’ is always the same page. I get as many as 400 of these attempts a day, and have been getting them for over a week.

My question is, how can I use .htaccess to block these attempts? I’m sure it’s relatively straightforward – like blocking all ‘?kwd’ urls or blocking all subdirectories of the ‘valid-page’

Any thoughts? I really appreciate it.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    What’s unique that these bots are doing that normal humans browsing your site aren’t doing? If it’s a matter of a user-agent (should be in your access logs), then block that user-agent:

    RewriteEngine On
RewriteCond %{HTTP_USER_AGENT} the_bot_useragent
RewriteRule ^ - [L,F]

    If it’s a matter of the weird query string, then block that query string:

    RewriteEngine On
RewriteCond %{QUERY_STRING} kwd=
RewriteRule ^ - [L,F]

    If it’s a matter of all the bots originating from an IP or a subnet:

    Deny 123.45.67
# or
Deny 123.123.123.123
    • 0