Just looking for some help on dealing with a Katana Bot emanating from New Jersey that is trawling a dynamic page I have, which is also set up to send the admin an email if anyone clicks on any of the treatment buttons.
We like to try to see what area the person clicking the button is from, so the form grabs their IP address and runs it through an IP address finder before sending the results to the admin.
Am I best just blocking the email using a filter on the sending name or is there a more elaborate way?
Last night I got over 200 emails as the bot went through all possible pages!
Here is what the emails look like:
katana) RLIKE (SELECT (CASE WHEN (3707=9408) THEN 0x6b6174616e61 ELSE 0x28 END)) AND (4565 BETWEEN 4565 AND 4565 link was clicked in treatment page.
Are you using a captcha in your form? Blocking an individual IP address is just masking the problem; this is a fundamental security architecture problem. Imagine you get hit with a DoS attack and they flood your page with many requests per second: you'll receive tons of e-mails, and then your e-mails will be marked as spam, and so on...
I think it is just a bot which has latched on to a dynamic page with a couple of hundred possibilities, and so the same number of submit buttons. I have updated the robots.txt and the .htaccess, and for now the emails have stopped and the usual requests are getting through.
It's not always going to catch all bots, but a simple action you can take is to add a hidden input field on the form, so normal users can't put a value in it. Then check the form submission in the server action with a condition: if the field has a value, do not continue the steps to update your database or send an email.
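To make the two suggestions in this thread concrete, here is an added example in Python; it is not code from any poster's site, and it assumes a submitted field named `treatment`, a honeypot field named `website`, and a constructed allowlist of treatment names. It also decodes the hex literals in the e-mail shown earlier: `0x6b6174616e61` is "katana" and `0x28` is "(", which is why "katana" appears at the start of the subject. That text is a boolean-based blind SQL injection probe of the kind sqlmap sends, so besides the honeypot check the handler only accepts treatment values it knows, and stores the click with a parameterized query.

```python
import re
import sqlite3

# Constructed allowlist of treatment identifiers the page's buttons can submit.
# Assumption: the real page has its own set of a couple of hundred names.
TREATMENTS = {"katana", "massage", "facial"}

# Constructed honeypot field name. Assumption: the form renders it as an
# ordinary text input hidden with CSS, so browsers leave it empty while
# form-filling bots tend to populate every field they see.
HONEYPOT_FIELD = "website"

# The payload reflected into the e-mail in the thread, used here as a
# constructed sample submission.
PAYLOAD = ("katana) RLIKE (SELECT (CASE WHEN (3707=9408) THEN 0x6b6174616e61 "
           "ELSE 0x28 END)) AND (4565 BETWEEN 4565 AND 4565")


def decode_hex_literals(text):
    """Decode every even-length 0x... literal in a string, for triage only.
    For PAYLOAD this yields ['katana', '(']."""
    return [bytes.fromhex(h).decode("latin-1")
            for h in re.findall(r"0x([0-9a-fA-F]+)", text)
            if len(h) % 2 == 0]


def handle_submission(form):
    """Decide what to do with one POST. Returns (decision, reason).

    No DB write, IP lookup or e-mail should happen unless this returns
    'notify'."""
    # 1. Honeypot: a genuine browser submits the hidden field empty.
    if form.get(HONEYPOT_FIELD, ""):
        return "drop", "honeypot filled"

    # 2. Allowlist: the clicked button must be one of the known values, so a
    #    crawler walking every URL variant (or sending SQL probes) never gets
    #    its input echoed into an e-mail or concatenated into a query.
    treatment = form.get("treatment", "")
    if treatment not in TREATMENTS:
        return "drop", "unknown treatment"

    return "notify", treatment


def store_click(treatment, ip):
    """Record the click with a parameterized query and return the stored row.

    Uses an in-memory SQLite database so the example runs offline. Bound
    parameters store the text literally instead of executing it, so even a
    payload that slipped past the allowlist would be inert here."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE clicks (treatment TEXT, ip TEXT)")
    conn.execute("INSERT INTO clicks (treatment, ip) VALUES (?, ?)",
                 (treatment, ip))
    row = conn.execute("SELECT treatment, ip FROM clicks").fetchone()
    conn.close()
    return row


if __name__ == "__main__":
    samples = [
        {"treatment": "katana", "website": ""},          # genuine click
        {"treatment": PAYLOAD, "website": ""},           # the probe from the e-mail
        {"treatment": "katana", "website": "http://x"},  # bot that filled the honeypot
    ]
    for form in samples:
        print(handle_submission(form))
    print(decode_hex_literals(PAYLOAD))
```

The honeypot and the allowlist stop the flood of e-mails for the case in the thread; they do not replace a captcha or per-IP rate limiting for the volume problem raised in the earlier reply, and the allowlist is the check that matters most if the treatment value is ever used in a query.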