Message Board

Tracking Harvesters/Spammers

Older Posts ]   [ Newer Posts ]
 Googlebot impersonators?
Author: M.Patnode   (21 Nov 16 7:25pm)
It seems I get 10K+ hits a day by agents claiming to be Googlebot who are sniffing wp-login.php. They are not Google IP addresses and I'm not a WordPress site. That should be a big red flag, no? Would it be reasonable to reject anything that claims to be Googlebot that doesn't match their IP?
 
 Re: Googlebot impersonators?
Author: M.Patnode   (21 Nov 16 7:28pm)
Some examples:

213.246.61.116 dianag.onsugar.com - - [21/Nov/2016:19:19:25 -0800] 0.000 "GET /blogs/wp-login.php HTTP/1.1" 404 5 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)" "213.246.61.116"

207.71.172.19 blog.atlantalulabelle.onsugar.com - - [21/Nov/2016:19:19:14 -0800] 0.002 "GET /test/wp-login.php HTTP/1.1" 404 5 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)" "207.71.172.19"

179.188.17.2 www.phuket5starhotels435.onsugar.com - - [21/Nov/2016:19:19:01 -0800] 0.001 "GET /wp/wp-login.php HTTP/1.1" 404 5 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)" "179.188.17.2"

94.23.3.161 blog.dibiwyfexosanope.onsugar.com - - [21/Nov/2016:19:17:04 -0800] 0.001 "GET /wordpress/wp-login.php HTTP/1.1" 404 5 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)" "94.23.3.161"
 
 Re: Googlebot impersonators?
Author: D.Philips   (17 Dec 16 8:43am)
Good question, how do we determine if a Googlebot is real, or a hacker who mimics Google. Its becoming a full time job just protecting one website these days. I only accept traffic from my own country as -that's where my customers live, its all local business. So, I ban any other country. But its frustrating with Google bots hitting wp-admin -my login and why should they go there when they are not supposed to as per ht access? Its total nonsense.
 
 Re: Googlebot impersonators?
Author: A.Godziuk   (19 Oct 17 1:39am)
You need to check if reverse dns matches the forward dns and is in google.com domain. Google has a FAQ here: https://support.google.com/webmasters/answer/80553

It's easy to do in PHP (maybe there are Wordpress plugins?), I've implemented it in Varnish before, but I haven't seen a solution for Apache or Nginx.
 
 Re: Googlebot impersonators?
Author: B.Terry2   (23 Jan 18 6:13pm)
I have wordfence. This is my question as well. I use a mask for my log in on WP, so anyone who attempts to go to the wp-admin login page is automatically blocked. I've done that with a couple of "googlebots" - and I'm glad to see others have seen this as well. I was worried that I was blocking a legitimate Google bot.

So - I have a full list of blocked sites on my WordFence blocking list. Would it help people here if I upload those? Anytime someone tries to log in, they get blocked. I also see some attempts to log on to my php or htaccess files. I block them unless I can verify they are coming from my host's IP or one of my apps (like JetPak).

So - 1) will wordfence interfere or count a honeypot as a problem on my site?
and 2) Would my list of spammers/hackers be of use to this group?

Thanks! I forgot about this site until I had to hunker down and change my passwords on 200+ sites! So now I'm on the warpath about these cretins who cause us all so many headaches! How can I help?

BT



You may browse the discussion topics, but you must sign in to post. If you do not have an account, you can create one for free.

do not follow this link

Privacy Policy | Terms of Use | About Project Honey Pot | FAQ | Cloudflare Site Protection | Contact Us

Copyright © 2004–25, Unspam Technologies, Inc. All rights reserved.

contact | wiki | email