• Hi there, Love the plugin. Recently we’ve noticed a spider or bot has been SPAMMING our search field. These code string searches are getting logged as User Searches and really making it hard to see any useful data.

    Here’s an example of the searches:

    g;m.parentnode.insertbefore(a,m)/v;s=b.getelementsbytagname(e)[0];s.parentnode.insertbefore(t,s)}(window,/page/2/v;s=b.getelementsbytagname(e)

    v;s=b.getelementsbytagname(e)[0];s.parentnode.insertbefore(t,s)}(window,/v;s=b.getelementsbytagname(e)[0];s.parentnode.insertbefore(t,s)}

    We’re on a very good hosting service (WP Engine) and we keep everything up-to-date, so I’m not too concerned about them finding a security hole, I’m just wondering if there’s any place we can blacklist certain searches or a way you know of weeding these out?

    Thanks in advance!

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Author Mikko Saari

    (@msaari)

    Do these bots use a certain user agent string? If so, you can use relevanssi_bots_to_not_log filter hook to stop them.

    However, it would be better if you could stop them even earlier in the process, as that would save server processing power.

    I’d look into creating a filter on relevanssi_search_ok to stop these:

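    add_filter('relevanssi_search_ok', 'rlv_stop_bot_search');
    // Set $ok to false when the search query is longer than 80 characters.
    function rlv_stop_bot_search($ok) {
        global $wp_query;
        // Guard against requests where no search term is set.
        $s = isset($wp_query->query_vars['s']) ? $wp_query->query_vars['s'] : '';
        if (strlen($s) > 80) {
            $ok = false;
        }
        return $ok;
    }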

    This, for example, blocks the search if the search query is more than 80 characters long – I don’t think anybody actually uses search queries that long. Or you can look for strings like “insertbefore” or other triggers, if the length doesn’t seem like a good idea.
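
The two checks suggested in the reply above (a length cap and trigger strings such as "insertbefore"), combined into one filter. This is an added example, not part of the original reply and not Relevanssi's own code; the helper names, the marker list and the punctuation pattern are assumptions based on the sample searches quoted in this thread.

```php
<?php
// Added example, not Relevanssi's own code. The marker list and helper names
// are assumptions drawn from the sample searches quoted in this thread.

/** Return true when a search string looks like scraped JavaScript, not a human query. */
function rlv_is_script_debris($s, $max_len = 80) {
    $s = strtolower(trim((string) $s));
    if ($s === '') {
        return false; // nothing to judge
    }
    if (strlen($s) > $max_len) {
        return true; // the length rule from the reply above
    }
    // DOM method names seen in the logged bot searches.
    foreach (array('insertbefore', 'getelementsbytagname', 'parentnode') as $marker) {
        if (strpos($s, $marker) !== false) {
            return true;
        }
    }
    // Code punctuation that ordinary site searches rarely contain:
    // "}(", ")[0]", or a method call such as ".foo(".
    return (bool) preg_match('/\}\(|\)\[\d+\]|\.[a-z_]+\(/', $s);
}

// Hook callback: same shape as rlv_stop_bot_search in the reply above.
function rlv_stop_script_debris_search($ok) {
    global $wp_query;
    $s = isset($wp_query->query_vars['s']) ? $wp_query->query_vars['s'] : '';
    return rlv_is_script_debris($s) ? false : $ok;
}

if (function_exists('add_filter')) {
    // Inside WordPress: register on the hook named in the reply.
    add_filter('relevanssi_search_ok', 'rlv_stop_script_debris_search');
} else {
    // Run from the command line: check the helper against sample input.
    $samples = array(
        's.parentnode.insertbefore(t,s)}(window,' => true,  // fragment from the thread
        'b.getelementsbytagname(e)[0]'            => true,  // fragment from the thread
        'x}(window'                               => true,  // constructed: punctuation only
        'winter hiking boots'                     => false, // constructed: normal search
        'node.js hosting'                         => false, // constructed: dot but no call
    );
    foreach ($samples as $query => $expected) {
        $got = rlv_is_script_debris($query);
        printf("%-42s %s\n", $query, $got === $expected ? 'ok' : 'MISMATCH');
    }
}
```

When pasting this into a child theme's functions.php, leave out the opening `<?php` tag if the file already has one.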

    Thread Starter Lyndon Roeller

    (@lyndonr)

    Hi Mikko,
    Thanks for the quick reply. The character count limiter will work fine!

    Can I just drop that filter snippet in my child theme functions.php? I tried that and it still let the search go through but perhaps that’s expected behavior, perhaps the filter just prevents it from being logged?

    Any help is greatly appreciated.

    Thread Starter Lyndon Roeller

    (@lyndonr)

    Hi Mikko,
    So I’ve had this filter in my functions.php for a week now and I can’t tell if it’s working. Searches for > 80 characters can still take place in WordPress, but does your filter simply prevent them from being passed to Relevanssi?

    If that’s what the filter does, then it could be working. If it’s supposed to stop a long query from being performed at all, then it doesn’t seem like it’s working.

    Sorry for the confusion but I’ve never worked with filters in a plugin before.

    Thanks!

  • The topic ‘Spider or Bot Hitting Searches’ is closed to new replies.