Insight

Using AbuseIPDB to protect your Drupal site

A man in a white button up shirt stands smiling in front of a metal wall
Philip Curley Technical Lead

Overview

The 2020 Bad Bot Report conducted by Imperva estimates that on average a website will experience 19-26% of its traffic from malicious, bad bots. Bot traffic is, other than being annoying, wasting your site’s resources like load and bandwidth. Furthermore, the real danger of bot traffic is that these bots will exploit a security vulnerability or inundate your web forms with incomprehensible spam.

Luckily there are some tools which can help site administrators combat this predictable phenomenon. One such tool is AbuseIPDB, a site dedicated to making the web safer by tracking IP addresses which are known to belong to bots and hackers. Their goal is to create a database of IP addresses that are publicly available to reference. If an IP is blacklisted you can bounce them before they get to any content.

When you use Drupal, you can extend your site with a module that will allow your site to benefit from the reports on AbuseIPDB as well as contribute to the growing database of malicious traffic. The only thing you need to begin is a user account on AbuseIPDB.com.

 

How does the module protect a Drupal site?

AbuseIPDB is a collaborative effort to track these bots by their IP addresses. It relies on the contributions of users across the web reporting malicious bot traffic on their sites and servers. There are thousands of reports generated daily from users who detect bot traffic and report it.

The Drupal module utilizes AbuseIPDB in two ways: checking and reporting IP addresses. Checking allows Drupal to determine if the IP has acted abusively according to other AbuseIPDB users before allowing it to access the site or form. Drupal reports an IP address if it acts in a way that is abusive or suspicious based on some of the features of the module.

 

Protect your URL endpoints

Automated bot traffic is very persistent but not very sophisticated. For example, many are simply programmed to find Wordpress sites which still use a default username and password. These bots don’t care if the site is running Drupal or even has a user login.

Drupal backend is shown with the Paths Check tab displayed. In the paths text box wp-login.php is listed.

With the AbuseIPDB Drupal module we can predict that malicious bot traffic will attempt to request the Wordpress login at wp-login.php. Using the Path Check we can report and ban traffic that treats your site like a Wordpress site. A Human would know better!

 

Protect your forms

One of the more frustrating admin experiences is getting a notification of a website form feedback only to receive spam that makes absolutely no sense. Use the AbuseIPDB Drupal module Form Check tool to protect your forms.

Drupal backend is shown. Forms Check tab is displayed. In the Forms IDs text field user_login_form is listed.

Use a list of form IDs and upon form submission Drupal will run an IP check to AbuseIPDB. If the IP is a known spammer or an abusive bot, it will prevent the form from being submitted.

 

Ban Malicious IPs from accessing your site

The module isn't simply limited to checking and reporting! Drupal 8 is packaged with Ban module which keeps a list of IP addresses that are banned from accessing site resources. The AbuseIPDB module is configured to utilize the Ban module to protect your site from malicious IPs. This will help save you processing power and bandwidth traffic costs so that your site is only delivering content to legitimate, human visitors.

Check box with the text of: Ban IP? Also ban the IP address from requesting anything from Drupal

Every one of the tools in AbuseIPDB gives you the option to Ban the malicious IP address in addition to reporting it to the database. 

If you are trying to secure your Drupal 8 site try out the AbuseIPDB module.

 

Did you know that Interactive Knowledge has a few other Drupal.org modules our team maintains? Check them out for your Drupal project here: