Support » Plugin: Blackhole for Bad Bots » Can I confirm?

  • Resolved Jay Holtslander

    (@jasonh1234)


    If a bot were to visit

    /?blackhole

    as opposed to

    /?blackhole=XXXXXXXXXXX

    Will they still be blocked without that identifier bit of the query string?

Viewing 9 replies - 1 through 9 (of 9 total)
  • Plugin Author Jeff Starr

    (@specialk)

    Nope. Try it and see. The random string is a nonce value that must match with the current nonce for your site. Security feature.

    <facepalm>
    Ok so each site gets its own unique identifier?
    And as long as that identifier is used, it’ll work?

    Plugin Author Jeff Starr

    (@specialk)

    No it’s a nonce value. Generated by WordPress. It changes periodically. It is random. More infos: https://codex.wordpress.org/WordPress_Nonces

    Argh. I wanted to have a collection of manually defined redirects that I pointed to the blackhole. Is there some way I can do this?

    Plugin Author Jeff Starr

    (@specialk)

    Not that I know of off-hand. But the nonce value is available anywhere within WordPress. The name is blackhole_trigger, generated in blackhole-core.php on line 7.

    Hmmm. This is what I’m trying to work with:

    [Screenshot]

    Don’t think I can utilize blackhole_trigger in there.

    Plugin Author Jeff Starr

    (@specialk)

    Yeah it doesn’t look like it from the screenshot.

    Can you tell me more about that security feature and why it’s needed?

    I’d really like to be able to ban an IP automatically for trying to reach a URL included in a large list of exploit URLs.

    Plugin Author Jeff Starr

    (@specialk)

    Basically it’s a security feature that prevents bad actors from exploiting the blackhole functionality. You can take a look at how the nonce is used on line 23 in blackhole-core.php.

Viewing 9 replies - 1 through 9 (of 9 total)
  • You must be logged in to reply to this topic.