• This update contains an important bugfix to handle malformed UTF-8 in user agent strings.
  • This update will simply ignore any user agents with malformed UTF-8, avoiding errors when trying to send updates via the API. These user agents are invalid and so there is no point undertaking any further analysis - thus they are silently discarded.
  • This new version also contains an additional CLI tool for importing user agents from a text file, for testing purposes.
  • Like
Reactions: rojo_salas
Minor bug fix - no need to update unless you are experiencing problems sending bot updates.
  • when sending bots via email, include the bot list as an attachment rather than in the body
  • new CLI tool to send bots via email directly, used for debugging bot sending issues
v6 is another major rewrite of the core functionality of the addon, aimed at improving the submission process for newly detected useragents and performance improvements.

Important for v4 users: with this release, I am deprecating the v1 API - addon versions v4.x and earlier will continue to function for a while but will then start returning 404 error codes once I turn off the v1 API. Anyone still running KnownBots v4.x should upgrade as soon as possible.

Important for v5 users: The v2 API used in addon v5.x for fetching new bots will remain operational, however, I am deprecating the email based submission system in favour of a new API based user agent submission system. After a transition period, the inbound email system will be disabled and any emails sent to the [email protected] address will bounce back as undelieverable. Anyone still running KnownBots v5.x should either upgrade, or at least disable the "Email user agents" option in the v5.x addon options.

Important for anyone upgrading to v6: the new submission system in v6 uses an authentication process to ensure only valid submissions occur. After upgrading to v6, to continue submitting new user agents for analysis, you must first configure the authentication system - it is a very simple process - see instructions on the addon page. The options for v6 have changed - you should check them after upgrading.

The new submission system in v6 utilises the XenForo customer validation API to authenticate sites when submitting agents via our new API.

To configure the API, enter the License validation token for your site, found in the XenForo customer interrface. The validation token will be sent to the XenForo customer validation API by the KnownBots system and if valid, a KnownBots API token will be generated and returned back to the requesting forum for subsequent authentication purposes.

With a validated license, the authentication process is automatic. API tokens are regenerated every 28 days and are re-authenticated automatically. Customer details are automatically purged from the KnownBots database after 30 days of inactivity (see privacy details on main addon page). Regenerating your license validation token will automatically cause API revalidation to fail and customer details to be purged - unless you re-configure the addon options with the new license validation token.

Changelog for v6:
  • new CLI tool known-bots:parse to parse web server log files and display detected bots
  • new CLI tool known-bots:send to send newly detected user agents to the KnownBots API for analysis
  • new CLI tool known-bots:check-token to validate that the API token successfully authenticates - and optionally have the system regenerate a new API token if it has expired
  • [email protected] email address is deprecated and will be removed soon - emails should no longer be sent to this address
  • new configuration option to "Send user agents via API", which requires configuration by entering a XenForo license validation token. New agents are sent directly via api and no longer by email
  • the "Email user agents" option remains - but is used only for forum administrators to send themselves emails if they choose. Upgrading to v6 of the addon removes any reference to [email protected] from this configuration option.
  • addon now uses v3 of the bot fetch API, which includes new functionality
  • v2 of the bot fetch API remains operational for sites still using addon v5.x
  • v1 of the bot fetch API is now deprecated and will soon stop functioning - sites still using addon v4.x should upgrade as soon as possible
  • new functionality for the addon - a list of regex based ignore strings to remove malformed or obfuscated user agents from analysis. This also allows us to ignore user agents containing sql-injection and other forms of attack which typically flood a system with a large number of unique user agents in a short period of time.
  • performance enhancement - we no longer do browser or ignored checks for user agents of users who are logged in. We assume that anyone logged in with a valid XenForo user id is using a valid browser. Note that bot detection is still run, just in case. This significantly reduces the amount of processing performed by the addon for valid users.
Back
Top Bottom