Search for the Solution?
Stop BAD BOTS in cPanel / WHM Using ModSecurity Custom Rule Set (Easiest Way)
Banish Bad Bots: Enhance cPanel/WHM Security with ModSecurity Custom Rules
Bad bots and malicious crawlers can wreak havoc on your website’s performance, consuming valuable server resources and potentially compromising security. If you’re managing a Linux-based VPS or dedicated server with cPanel/WHM, ModSecurity offers a powerful solution for blocking these unwelcome visitors. This guide provides a simple yet effective method to create custom ModSecurity rules in WHM, enabling you to stop bad bots globally and improve your server’s overall stability and security.
Understanding the Threat of Bad Bots
Bad bots are automated programs that visit websites with malicious intent. They can be responsible for various harmful activities, including:
- Scraping Content: Stealing your website’s content without permission.
- Spreading Malware: Injecting malicious code into your website.
- Launching DDoS Attacks: Overloading your server with traffic, causing downtime.
- Brute-Force Attacks: Attempting to guess login credentials to gain unauthorized access.
- Skewing Website Analytics: Generating fake traffic that distorts your website’s performance data.
Why Use ModSecurity to Block Bad Bots?
ModSecurity is a robust web application firewall (WAF) that acts as a gatekeeper for your website. It analyzes incoming web traffic and blocks requests that match predefined rules or exhibit suspicious behavior. By creating custom ModSecurity rules, you can effectively target and block specific bad bots based on their user-agent strings.
Benefits of using ModSecurity:
- Enhanced Security: Protects your website from malicious bots and attacks.
- Improved Performance: Reduces server load by blocking unwanted traffic.
- Preserves Resources: Conserves bandwidth and processing power by preventing bad bots from accessing your server.
- Customizable Protection: Tailor your defense by creating rules specific to your needs.
- Real-time Monitoring: Track blocked requests and identify potential threats.
Blocking Bad Bots with ModSecurity in WHM
Step 1: Access ModSecurity Tools in WHM
- Log in to WHM: Access your Web Host Manager by visiting
your-domain.com/whm
orhttps://your-domain.com:2087
(replaceyour-domain.com
with your server’s IP address or domain name). - Navigate to Security Center: Find the “Security Center” category in the WHM sidebar.
- Open ModSecurity Tools: Click on “ModSecurity Tools.”
Step 2: Add a Custom ModSecurity Rule
-
Access Rule List: Click the “Rule List” button on the right side of the screen.
-
Add New Rule: Click the “Add Rule” button, which will take you to the “Add a new custom ModSecurity™ rule” page.
-
Paste Rule Text: In the “Rule Text” box, paste the following code:
SecRule REQUEST_HEADERS:User-Agent "@rx (?:BotName1|BotName2|BotName3)" "msg:'Spiderbot blocked',phase:1,log,id:7777771,t:none,block,status:403"
Important: Replace
BotName1
,BotName2
, andBotName3
with the actual user-agent strings of the bots you want to block. You can add as many bots as needed within the parentheses, separated by pipes (|
). -
Enable and Deploy: Ensure the “Enable Rule” checkbox is ticked. Also, select “Deploy and Restart Apache” to activate the rule immediately.
-
Save the Rule: Click the “Save” button to add the custom rule.
Verifying Blocked Bots
- Access ModSecurity Tools: Return to “ModSecurity Tools” in WHM.
- View Hits List: The “Hits List” displays recent ModSecurity activity.
- Search for Rule ID: Enter the rule ID (
7777771
in the example code) to filter and view all blocked requests related to your custom rule. - Confirm Blocking: If you see entries with a 403 status code, it indicates that the specified bots have been successfully blocked.
Important Notes
- Bot User-Agents: To effectively block specific bots, you need to know their user-agent strings. You can often find this information in your server logs or by searching online for the bot’s name.
- Regular Updates: Keep your ModSecurity rules updated to block new and emerging threats.
- Caution: Be careful when adding ModSecurity rules, as overly broad rules can inadvertently block legitimate traffic.
Enhance Server Security with MyGlobalHost
Securing your server is crucial for protecting your website and its visitors. MyGlobalHost offers robust hosting solutions with advanced security features, including ModSecurity integration and expert support. Our team can assist you with configuring ModSecurity rules and optimizing your server’s security.
Choose MyGlobalHost for a secure and reliable hosting experience, and safeguard your online presence from malicious bots and other threats.