How to Block Aggressive Bot Traffic: The 2026 Apache & phpBB Guide - Tested.

Feel free to start a conversation on any subject, whether it's related to Romania or not. This is our place for open talk about anything and everything.
Post Reply
User avatar
Laurentiu
Site Admin
Posts: 397
Joined: Wed Jan 14, 2026 2:18 pm
Location: Cuib, Prahova, Romania
Contact:
Contact Laurentiu

How to Block Aggressive Bot Traffic: The 2026 Apache & phpBB Guide - Tested

Post by Laurentiu »

Managing a website often means dealing with a massive influx of automated bot traffic. Recently, many webmasters have noticed a surge in "Guest" sessions using outdated browser versions (like Chrome 103–120) and fixed screen resolutions (1280x1200). These are not real users; they are "headless browsers" or scrapers that consume server resources and skew your Google Analytics data.

Here is a comprehensive guide on how to block them at the server level and secure your platform.

1. The Server-Level Shield (.htaccess)
The most efficient way to stop bots is at the "gate," before they even reach your website's scripts. If you are using an Apache server, you can add these rules to your .htaccess file (code below).

Important Note: Finding your .htaccess file
Before you begin, please keep in mind:
  • Location: The .htaccess file is located in the root directory of your website (usually public_html, www, or the main folder where your forum is installed).
  • Hidden Status: Because the filename starts with a dot, it is considered a hidden file.
How to see it:
  • In cPanel File Manager: Click on "Settings" in the top right corner and check the box that says "Show Hidden Files (dotfiles)".
  • In FTP clients (like FileZilla): Go to the "Server" menu and select "Force showing hidden files".
Creation: If you don't see one even after enabling hidden files, you can simply create a new text file, name it .htaccess (make sure there is no .txt extension at the end), and upload it to your root folder.

This method works for any platform (phpBB, WordPress, or custom sites).

Code: Select all

RewriteEngine On

# 1. ALLOW GOOD BOTS (SEO)
# We ensure that essential search engines are never blocked.
RewriteCond %{HTTP_USER_AGENT} (Googlebot|Bingbot|Yandex|Slurp|Ecosia|DuckDuckBot|Baiduspider) [NC]
RewriteRule ^ - [L]

# 2. BLOCK OUTDATED CHROME VERSIONS (Bot Farms)
# Real users in 2026 do not use Chrome 103-120. These are almost exclusively bots.
RewriteCond %{HTTP_USER_AGENT} Chrome/(103|104|105|106|107|108|109|110|111|112|113|114|115|116|117|118|119|120)\. [NC]
RewriteRule ^.*$ - [F,L]

# 3. BLOCK EMPTY USER AGENTS
# Blocks primitive scripts that don't identify themselves.
RewriteCond %{HTTP_USER_AGENT} ^$
RewriteRule ^.*$ - [F,L]
Below I let you a image of how to correctly place the htaccess rule (tested by me on beautiful-romania.com). It must be under "RewriteEngine On" rule:
Image

2. Hardening phpBB Security
If you are running a phpBB forum (like version 3.3.15), you should also adjust your internal settings to handle persistent guest sessions.
  • Go to ACP > General > Server Configuration > Security Settings:
  • Session IP validation: Set to All. This prevents bots from hopping between different IP addresses within the same session.
  • Validate browser: Set to Yes. It adds an extra layer of verification for the User-Agent string.
  • Check IP against DNS Blackhole List: Set to Yes. This checks the visitor's IP against global spam databases (Spamcop/Spamhaus).
  • Tie forms to guest sessions: Set to Yes. This is crucial to prevent bots from submitting search or registration forms without a valid session.
3. Why This Matters
  • Server Performance: By blocking bots in .htaccess, your server doesn't waste CPU and RAM processing fake requests.
  • Data Accuracy: Your Analytics will finally show real human engagement instead of thousands of 0-second bounces.
  • SEO Safety: By explicitly allowing "Good Bots" (Google, Bing, Yandex, etc.), your search engine rankings remain unaffected while the "garbage" traffic is filtered out.
UPDATE: I let you a proof screenshot of how our solution block unwanted traffic generated by bots after implementation on beautiful-romania.com (our website) -47,2% means bad bots blocked:
Image

Admin Notes:
  • Always back up your .htaccess file before making changes and test your site in a modern browser to ensure you haven't accidentally blocked yourself!
  • This metod will reduce bad bot traffic with at least 50%.
  • If you need more help with this anti-bot implementation, just reply here, and i will help you.
Last edited by Laurentiu on Sun Apr 12, 2026 12:21 pm, edited 2 times in total.
Reason: update: proof screenshot
If you like this article, please share it. ↗️
Top
Post Reply

Return to “THE VILLAGE SQUARE”