Message Board

Tracking Harvesters/Spammers

Older Posts ]   [ Newer Posts ]
 Googlebot impersonators?
Author: M.Patnode   (21 Nov 16 7:25pm)
It seems I get 10K+ hits a day by agents claiming to be Googlebot who are sniffing wp-login.php. They are not Google IP addresses and I'm not a WordPress site. That should be a big red flag, no? Would it be reasonable to reject anything that claims to be Googlebot that doesn't match their IP?

 Re: Googlebot impersonators?
Author: M.Patnode   (21 Nov 16 7:28pm)
Some examples: - - [21/Nov/2016:19:19:25 -0800] 0.000 "GET /blogs/wp-login.php HTTP/1.1" 404 5 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +" "" - - [21/Nov/2016:19:19:14 -0800] 0.002 "GET /test/wp-login.php HTTP/1.1" 404 5 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +" "" - - [21/Nov/2016:19:19:01 -0800] 0.001 "GET /wp/wp-login.php HTTP/1.1" 404 5 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +" "" - - [21/Nov/2016:19:17:04 -0800] 0.001 "GET /wordpress/wp-login.php HTTP/1.1" 404 5 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +" ""
 Re: Googlebot impersonators?
Author: D.Philips   (17 Dec 16 8:43am)
Good question, how do we determine if a Googlebot is real, or a hacker who mimics Google. Its becoming a full time job just protecting one website these days. I only accept traffic from my own country as -that's where my customers live, its all local business. So, I ban any other country. But its frustrating with Google bots hitting wp-admin -my login and why should they go there when they are not supposed to as per ht access? Its total nonsense.
 Re: Googlebot impersonators?
Author: A.Godziuk   (19 Oct 17 1:39am)
You need to check if reverse dns matches the forward dns and is in domain. Google has a FAQ here:

It's easy to do in PHP (maybe there are Wordpress plugins?), I've implemented it in Varnish before, but I haven't seen a solution for Apache or Nginx.
 Re: Googlebot impersonators?
Author: B.Terry2   (23 Jan 18 6:13pm)
I have wordfence. This is my question as well. I use a mask for my log in on WP, so anyone who attempts to go to the wp-admin login page is automatically blocked. I've done that with a couple of "googlebots" - and I'm glad to see others have seen this as well. I was worried that I was blocking a legitimate Google bot.

So - I have a full list of blocked sites on my WordFence blocking list. Would it help people here if I upload those? Anytime someone tries to log in, they get blocked. I also see some attempts to log on to my php or htaccess files. I block them unless I can verify they are coming from my host's IP or one of my apps (like JetPak).

So - 1) will wordfence interfere or count a honeypot as a problem on my site?
and 2) Would my list of spammers/hackers be of use to this group?

Thanks! I forgot about this site until I had to hunker down and change my passwords on 200+ sites! So now I'm on the warpath about these cretins who cause us all so many headaches! How can I help?


do not follow this link

Privacy Policy | Terms of Use | About Project Honey Pot | FAQ | Cloudflare Site Protection | Contact Us

Copyright © 2004–20, Unspam Technologies, Inc. All rights reserved.

contact | wiki | email