Dealing with bots sending malformed URLs?

Is anybody aware of any libraries for Phoenix that deal with bots sending malformed URLs?

Here’s an example:

[Phoenix.Router.MalformedURIError *MereWeb.Router.call/2*
](https://sentry.io/organizations/personal-6jx/issues/2746880988/?project=5996367&query=is%3Aunresolved)

malformed URI path: "/cgi-bin/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/bin/sh"

I’m getting a bunch of entries like these showing up in my Sentry alerts and if anyone is aware of a plugin solution for this, I’d love to hear about it.

2 Likes

You could probably setup and configure plug_attack to block the offending IPs. See in particular the fail2ban rule function, with which you can fail specific requests, and temporarily ban IPs that keep trying them.

Admittedly, I do not have experience with it, but it is very similar to Ruby’s rack-attack, that offers the same features in Ruby applications, and that I used in the past for these kind of cases.

7 Likes

Dealed with it last week. Fail2ban was not only the easiest but also the most effective solution. For Nginx we scraped the acces.log for 404’s.

4 Likes

Here’s some more details on implementing PlugAttack, it’s a great library for dealing with this https://www.paraxial.io/blog/throttle-requests

2 Likes