I suspect that there are bots that do not identify themselves as such, particularly from China. Since I assume that from TLDs other than my country (.it) with an empty referer I have almost zero access and instead the bots are maximally present, I inserted these lines of code in pws.php after
"// country detection":

Code (PHP):

if ( $js_referer == "" && $country <> "it") {
  $domain_name = trim(gethostbyaddr($ip_address));
  file_put_contents("bot.txt", date("H:i:s d/m/Y",$time_stamp)." * ".$ip_address." * ".$country." *".$js_referer."* $domain_name\n", FILE_APPEND);
  exit;
}
 

I am a first-time experimenter but in one day I found these entries:

06:36:46 22/01/2024 * 123.249.yy.xx * cn ** ecs-123-249-yy-xx.compute.hwclouds-dns.com
10:32:40 22/01/2024 * 111.7.yy.xx * cn ** 111.7.yy.xx

I suppose they are SPAM or bot and with the payed plug-in I suppose I can check it in a better way.

Reimar schrieb am 23.01.24 um 09:41:43:


No, blocking entire countries is not in my principles. I know that there are webmasters or service operators who receive a lot of spam or have a lot of harvesters from China or other countries, but blocking entire countries is not in my line. There are many visitors coming from all over the world, including China.

Instead I am incorporating a different approach that I am experimenting with these days, I copy the code:

Code (PHP):

####################################################################
### edit to avoid spam
####################################################################

function honeypot($ip, $referer, $country, $time_stamp){
    // key for SPAM service honeypot https://www.projecthoneypot.org
    $access_key = "abcdefghilmnop";
    $file = "bot_SPAM.txt";
    $domain_name = trim(gethostbyaddr($ip));
    $date = date("H:i:s d/m/Y",$time_stamp);

    // invert IP
    $reversed_ip = implode('.', array_reverse(explode('.', $ip)));

    // do query DNS
    $query = $access_key . "." . $reversed_ip . ".dnsbl.httpbl.org";

    // execute query DNS
    $response = gethostbyname($query);

    // check if IP is legit
    if ($response != $query) {
      // IP not legit
      // analyze the type of threat
      $response_array = explode('.', $response); //127.x.y.z

      // must be 127
      $version = $response_array[0];
      if ($version <> 127){
        //same thing is wrong in answer of honeypot server
        return;
      }

      // The second octet indicates the number of days since the IP was last seen
      $days = $response_array[1];

      // The third octet indicates the IP threat score (0 to 255)
      $threat = $response_array[2];

      // The fourth octet indicates the type of visitor (bitwise)
      $type = $response_array[3];

      // Define constants for visitor types
      define('SEARCH_ENGINE', 0);
      define('SUSPICIOUS', 1);
      define('HARVESTER', 2);
      define('COMMENT_SPAMMER', 4);
      $visitatore = ""; //type of visitor
      // Check if the visitor is a search engine
      if ($type == SEARCH_ENGINE) {
        echo "Il visitatore è un motore di ricerca.";
        $visitatore .= "SEARCH_ENGINE ";
      }

      // Check if the visitor is suspicious
      if ($type & SUSPICIOUS) {
        echo "Il visitatore è sospetto.";
        $visitatore .= "SUSPICIOUS ";
      }

      // Check if the visitor is a harvester
      if ($type & HARVESTER) {
        echo "Il visitatore è un harvester.";
        $visitatore .= "HARVESTER ";
      }

      // Check if the visitor is a comment spammer
      if ($type & COMMENT_SPAMMER) {
        echo "Il visitatore è un comment spammer.";
        $visitatore .= "COMMENT_SPAMMER ";
      }
      file_put_contents($file, $date ." * ". $visitatore ."* ". $ip ." * ". $country ." *". $referer ."* $domain_name\n", FILE_APPEND);
      exit;
    }
    else {
      // The response is invalid, meaning that the IP is not present in the database
      echo "The visitor is not in the Project Honey Pot database.";
      // IP probably legitimate, from a legal user
      return;
    }
}