Is your website struggling with spam comments, content scrapers, bandwidth leeches, and other unwanted bots? These bad bots can consume valuable hosting resources and negatively impact your site’s performance.<\/p>\n
In this guide, we\u2019ll show you how to block bad bots with minimal effort using .htaccess. Let\u2019s get started!<\/p>\n
If you\u2019re a ChemiCloud customer, you\u2019re already protected! We have custom security rules that automatically block known resource-draining bots, including:<\/p>\n
If you actively use services like Ahrefs and need access, our support team can disable the relevant rule for your account. Just reach out\u2014we’re happy to assist!<\/p>\n
Before blocking bots, it’s important to identify them. You can do this by analyzing your website’s log files. While interpreting logs takes some practice, you can also use log-parsing software to simplify the process.<\/p>\n
A quick Google search can provide tools to help analyze logs, or you can use Excel for manual filtering based on patterns in requests. Once you identify the problematic bots, you can block them using different methods:<\/p>\n
Before applying these methods, make sure to research the bot in question. A simple search can reveal whether it’s harmful or useful.<\/p>\n
If your logs show suspicious query patterns, such as:<\/p>\n
https:\/\/www.example.com\/asdf-crawl\/request\/?scanx=123\r\nhttps:\/\/wwww.example2.net\/sflkjfglkj-crawl\/request\/?scanx123445<\/code><\/pre>\nThese requests likely have different user agents, IPs, and referrers. The best approach is to block requests based on recurring patterns. Common elements in the above examples include:<\/p>\n
\ncrawl<\/code><\/li>\nscanx<\/code><\/li>\n<\/ul>\nTo block such requests, add this to your .htaccess file:<\/p>\n
# Block via Request URI\r\n<IfModule mod_alias.c>\r\n RedirectMatch 403 \/crawl\/\r\n<\/IfModule><\/code><\/pre>\nTo block multiple patterns, use:<\/p>\n
# Block via Request URI\r\n<IfModule mod_alias.c>\r\n RedirectMatch 403 \/(crawl|scanx)\/\r\n<\/IfModule><\/code><\/pre>\nIf the pattern appears in the query string (after the ?<\/code> symbol), use mod_rewrite instead:<\/p>\n# Block via Query String\r\n<IfModule mod_rewrite.c>\r\n RewriteEngine On\r\n RewriteCond %{QUERY_STRING} (crawl|scanx) [NC]\r\n RewriteRule (.*) - [F,L]\r\n<\/IfModule><\/code><\/pre>\nAlways test your site after applying these changes!<\/p>\n
\n
\n<\/div>\nBlocking via User-Agent<\/strong><\/h3>\nIf a bot repeatedly accesses your site under a specific user agent, block it with:<\/p>\n
# Block via User-Agent\r\n<IfModule mod_rewrite.c>\r\n RewriteEngine On\r\n RewriteCond %{HTTP_USER_AGENT} (EvilBotHere|SpamSpewer|SecretAgentAgent) [NC]\r\n RewriteRule (.*) - [F,L]\r\n<\/IfModule><\/code><\/pre>\nTo add more bots, use a pipe (|<\/code>) separator:<\/p>\nRewriteCond %{HTTP_USER_AGENT} (EvilBotHere|SpamSpewer|AnotherOne|YetAnother) [NC]<\/code><\/pre>\nTo test, use online tools like “Bots vs Browsers.”<\/p>\n
\n
\n<\/div>\nBlocking via Referrer<\/strong><\/h3>\nIf spammers or scrapers access your site through certain referrers, block them with:<\/p>\n
# Block via Referrer\r\n<IfModule mod_rewrite.c>\r\n RewriteEngine On\r\n RewriteCond %{HTTP_REFERER} ^http:\/\/(.*)spamreferrer1\\.org [NC,OR]\r\n RewriteCond %{HTTP_REFERER} ^http:\/\/(.*)bandwidthleech\\.com [NC,OR]\r\n RewriteCond %{HTTP_REFERER} ^http:\/\/(.*)contentthieves\\.ru [NC]\r\n RewriteRule (.*) - [F,L]\r\n<\/IfModule><\/code><\/pre>\nThe last RewriteCond<\/code> should not<\/strong> include [OR]<\/code> to properly terminate the condition.<\/p>\n\n
\n<\/div>\nBlocking via IP Address<\/strong><\/h3>\nBlocking by IP is useful in specific cases, though many bots use rotating IPs. To block a single IP:<\/p>\n
# Block via IP Address\r\n<IfModule mod_rewrite.c>\r\n RewriteEngine On\r\n RewriteCond %{REMOTE_ADDR} ^123\\.456\\.789\\.000$\r\n RewriteRule (.*) - [F,L]\r\n<\/IfModule><\/code><\/pre>\nTo block multiple IPs:<\/p>\n
# Block multiple IPs\r\n<IfModule mod_rewrite.c>\r\n RewriteEngine On\r\n RewriteCond %{REMOTE_ADDR} ^123\\.456\\.789\\.000$ [OR]\r\n RewriteCond %{REMOTE_ADDR} ^222\\.333\\.444\\.555$ [OR]\r\n RewriteCond %{REMOTE_ADDR} ^111\\.222\\.333\\.444$\r\n RewriteRule (.*) - [F,L]\r\n<\/IfModule><\/code><\/pre>\nFor blocking a range of IPs:<\/p>\n
# Block a range of IPs\r\n<IfModule mod_rewrite.c>\r\n RewriteEngine On\r\n RewriteCond %{REMOTE_ADDR} ^123\\. [OR]\r\n RewriteCond %{REMOTE_ADDR} ^111\\.222\\. [OR]\r\n RewriteCond %{REMOTE_ADDR} ^444\\.555\\.777\\.\r\n RewriteRule (.*) - [F,L]\r\n<\/IfModule><\/code><\/pre>\nThis example blocks:<\/p>\n
\n- All IPs starting with
123.<\/code><\/li>\n- All IPs starting with
111.222.<\/code><\/li>\n- All IPs starting with
444.555.777.<\/code><\/li>\n<\/ul>\nFinal Thoughts<\/strong><\/h3>\nBlocking bad bots helps protect your website\u2019s resources, improve performance, and prevent unwanted activity. While ChemiCloud provides automated protection, you can fine-tune bot blocking based on your specific needs using the methods above.<\/p>\n
If you have any questions or need assistance, our support team is here to help!<\/p>\n","protected":false},"excerpt":{"rendered":"
Is your website struggling with spam comments, content scrapers, bandwidth leeches, and other unwanted bots? These bad bots can consume valuable hosting resources and negatively impact your site’s performance. In this guide, we\u2019ll show you how to block bad bots with minimal effort using .htaccess. Let\u2019s get started! Automatic Bot…<\/p>\n","protected":false},"author":10,"featured_media":0,"comment_status":"open","ping_status":"closed","template":"","format":"standard","meta":{"_crdt_document":"","footnotes":""},"ht-kb-category":[192],"ht-kb-tag":[],"class_list":["post-6491","ht_kb","type-ht_kb","status-publish","format-standard","hentry","ht_kb_category-website-security"],"_links":{"self":[{"href":"https:\/\/chemicloud.com\/kb\/wp-json\/wp\/v2\/ht-kb\/6491","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/chemicloud.com\/kb\/wp-json\/wp\/v2\/ht-kb"}],"about":[{"href":"https:\/\/chemicloud.com\/kb\/wp-json\/wp\/v2\/types\/ht_kb"}],"author":[{"embeddable":true,"href":"https:\/\/chemicloud.com\/kb\/wp-json\/wp\/v2\/users\/10"}],"replies":[{"embeddable":true,"href":"https:\/\/chemicloud.com\/kb\/wp-json\/wp\/v2\/comments?post=6491"}],"version-history":[{"count":5,"href":"https:\/\/chemicloud.com\/kb\/wp-json\/wp\/v2\/ht-kb\/6491\/revisions"}],"predecessor-version":[{"id":8616,"href":"https:\/\/chemicloud.com\/kb\/wp-json\/wp\/v2\/ht-kb\/6491\/revisions\/8616"}],"wp:attachment":[{"href":"https:\/\/chemicloud.com\/kb\/wp-json\/wp\/v2\/media?parent=6491"}],"wp:term":[{"taxonomy":"ht_kb_category","embeddable":true,"href":"https:\/\/chemicloud.com\/kb\/wp-json\/wp\/v2\/ht-kb-category?post=6491"},{"taxonomy":"ht_kb_tag","embeddable":true,"href":"https:\/\/chemicloud.com\/kb\/wp-json\/wp\/v2\/ht-kb-tag?post=6491"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}