I'm looking at creating a Magento based solution to detect bots, specifically on search forms.
I have a bot searching a very specific long tail string and it shows on the dashboard of admin as being searched around 4000 times.
Can I observe the search to limit or strip characters out of the search string before Magento processes it, or at least truncate the length of the query? I tried searching the query myself and it just crashes my session. No other users seem to be affected by it, but I'm sure there is a performance hit elsewhere on the system.
For now I've created a honeypot that renders on the template, then I detect it in index.php and simply kill the script. Trying to find a more bullet-proof solution. Any help is greatly appreciated.
Best Answer
Oh interesting question.
What you could do is listen to the event
catalogsearch_query_save_before
and do something with the query then before you save it. You could even throw an exception if you really wanted to kill the search.You could also match the query or ip or something and
setRedirect
on the query object as as the results page is not shown, though I am not 100% sure what the benefit would be for this ;)Another thing would be to listen to the event
controller_action_predispatch
check what is in the requested query and then redirect before anything has actually happened.It is really up to you and what you want to achieve I guess.