I appear to have a Bingbot accessing a couple of the pages on my website that send out emails to employees. It will access the page at random times, and it triggers the email being sent out over and over again.

Most of the pages on the website check for user authentication, but these email pages don't. I'm sure if I made these pages also check authentication it would stop sending the emails, but is there a way to get this thing to stop attempting to access my website altogether? Will the bot ever stop on its own?

Thanks.

bmacx7
  • You can use a `robots.txt` file to control the behavior of indexing bots, but I think you have a conceptual problem there. Just accessing a page (without clicking on any button) should not trigger an E-Mail. – PMF Dec 02 '21 at 15:55
  • There are a lot of [captcha](https://github.com/search?l=PHP&q=captcha&type=Repositories) and [anti bot](https://github.com/search?l=PHP&q=anti+bot&type=Repositories) repositories available on GitHub. For example: [antibot](https://github.com/masterguru/antibot). – vee Dec 02 '21 at 15:58
  • Follow comment 1, or at least put some kind of password or access key in the GET to prevent this from shooting off. – Forbs Dec 02 '21 at 15:59

1 Answer

Search engine bots will make requests to your site using GET requests.

Look at the HTTP documentation:

> 4.2.1. Safe Methods
>
> Request methods are considered "safe" if their defined semantics are essentially read-only; i.e., the client does not request, and does not expect, any state change on the origin server as a result of applying a safe method to a target resource. Likewise, reasonable use of a safe method is not expected to cause any harm, loss of property, or unusual burden on the origin server.

and

> Of the request methods defined by this specification, the GET, HEAD, OPTIONS, and TRACE methods are defined to be safe.

You are sending an email in response to a GET request, which violates this rule.

Change your system so the email is only sent if the URL is requested with, for example, a POST method (and change the bits of your system which interact with it so they use POST instead of GET).

Quentin
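
The change described in this answer, as an added example (not part of the original answer or the asker's code): a Python WSGI handler in which GET and HEAD only render a form, and the email is sent only on an authenticated POST. The `X-Session` header check, the `/sent` redirect target and the `SENT` list standing in for the mail call are assumptions made for illustration.

```python
from wsgiref.util import setup_testing_defaults

SENT = []  # constructed stand-in for the real mail call; records each send


def send_employee_email():
    SENT.append("employee notification")


def is_authenticated(environ):
    # Assumption: placeholder for the site's real session check.
    return environ.get("HTTP_X_SESSION") == "valid-session"


def app(environ, start_response):
    """WSGI app for the hypothetical email-sending page."""
    method = environ["REQUEST_METHOD"]
    if method in ("GET", "HEAD"):
        # Safe methods: show the form only. A crawler fetching this URL
        # any number of times causes no state change.
        body = b'<form method="post"><button>Send email</button></form>'
        start_response("200 OK", [("Content-Type", "text/html")])
        return [b"" if method == "HEAD" else body]
    if method != "POST":
        start_response("405 Method Not Allowed", [("Allow", "GET, HEAD, POST")])
        return [b""]
    if not is_authenticated(environ):
        start_response("403 Forbidden", [("Content-Type", "text/plain")])
        return [b"login required"]
    send_employee_email()
    # Redirect after POST so reloading the result page does not resend.
    start_response("303 See Other", [("Location", "/sent")])
    return [b""]


def request(method, session=None):
    """Drive the app in-process and return the status line."""
    environ = {}
    setup_testing_defaults(environ)
    environ["REQUEST_METHOD"] = method
    if session:
        environ["HTTP_X_SESSION"] = session
    seen = {}
    app(environ, lambda status, headers: seen.update(status=status))
    return seen["status"]
```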