Support » Plugin: Blackhole for Bad Bots » Can I confirm?

  • Resolved Jay Holtslander

    (@jasonh1234)


    If a bot were to visit

    /?blackhole

    as opposed to

    /?blackhole=XXXXXXXXXXX

    Will they still be blocked without that identifier bit of the query string?

Viewing 9 replies - 1 through 9 (of 9 total)
  • Plugin Author Jeff Starr

    (@specialk)

    Nope. Try it and see. The random string is a nonce value that must match with the current nonce for your site. Security feature.

    Thread Starter Jay Holtslander

    (@jasonh1234)

    <facepalm>
    Ok so each site gets its own unique identifier?
    And as long as that identifier is used, it’ll work?

    Plugin Author Jeff Starr

    (@specialk)

    No it’s a nonce value. Generated by WordPress. It changes periodically. It is random. More infos: https://codex.wordpress.org/WordPress_Nonces

    Thread Starter Jay Holtslander

    (@jasonh1234)

    Argh. I wanted to have a collection of manually defined redirects that I pointed to the blackhole. Is there some way I can do this?

    Plugin Author Jeff Starr

    (@specialk)

    Not that I know of off-hand. But the nonce value is available anywhere within WordPress. The name is blackhole_trigger, generated in blackhole-core.php on line 7.

    Thread Starter Jay Holtslander

    (@jasonh1234)

    Hmmm. This is what I’m trying to work with:

    [Screenshot]

    Don’t think I can utilize blackhole_trigger in there.

    Plugin Author Jeff Starr

    (@specialk)

    Yeah it doesn’t look like it from the screenshot.

    Thread Starter Jay Holtslander

    (@jasonh1234)

    Can you tell me more about that security feature and why it’s needed?

    I’d really like to be able to ban an IP automatically for trying to reach a URL included in a large list of exploit URLs.

    Plugin Author Jeff Starr

    (@specialk)

    Basically it’s a security feature that prevents bad actors from exploiting the blackhole functionality. You can take a look at how the nonce is used on line 23 in blackhole-core.php.

Viewing 9 replies - 1 through 9 (of 9 total)
  • The topic ‘Can I confirm?’ is closed to new replies.