Major Website Security Flaw Makes Vunerable One-Third of Websites

Experts have reported a major flaw in the security software used by millions of Web sites, including those of banks, credit card companies, e-mail and social media services. The flaw, dubbed “Heartbleed,” makes possible the exposure of users’ names and passwords, the content of their communications, and their data to anyone who knows how to exploit the weakness.

It’s as if your front door wasn’t locked. Someone could get in as long as it’s not fixed. We should be clear that this does not mean that anyone has already gained entry or that any of your information has necessarily been stolen. What it does mean is that your information and sites are vulnerable to access, theft and disruption until such time as a fix is applied.

What can you do about it?

The problem is related to software installed on servers. Fixes are available and being implemented by most web service providers. We here at DataPlex are providing advisory services, helping other companies to secure their websites as quickly as possible. Let us know if we can help you.

Once a website has been fixed, it may still be necessary to replace security certificates used for secured communications and change user passwords. We will recommend the extent these steps are necessary after the fix has been applied and we have been able to examine the servers in question.

We hope every server on the Internet gets patched, but, alas, that is not typical. Some servers will remain vulnerable, and the only way to tell is to run a test, such as the test available at filippo.io/Heartbleed/. Go to that site and type in the URL of the website you intend to visit, e.g. www.google.com (Google is safe, this is just an example). You should be concerned only about websites using https, also known as SSL and TSL or that are simply known as “secured websites.”

Our best, and we wish you a safe and productive web presence.

Three-Way Security Improvement Initiative

We have been tracking the staggering increase of late in the number of security issues associated with websites at large. Already, we have proprietary methods in place to detect unusual activity on our servers and to take appropriate action when alerted. (Mostly, these alerts have been our being notified that our servers are running slow or are low on storage.)

To reduce the possibility of a major security violation, we here at DataPlex have decided to make non-optional the security measures built into our AmpUp framework, our software platform that drives enterprise-related software. Starting immediately, we are embarking upon a three-way security improvement initiative:

  1. All system access with be over secured HTTPS instead of over unsecured HTTP
  2. We will force all user passwords to be made stronger, using a combination of upper and lower case, numbers and punctuation
  3. In most cases, IP access from unknown locations will be restricted or challenged

For our customers with annual maintenance agreements, this initiative will be included in our regular update release. Other customers may see an occasional nominal charge on their monthly bill. In either case, we will need our customer’s cooperation to help their staff change their passwords and provide us with approved IP addresses. As the techniques of hackers change, over time we may enact additional security improvement measures.

We would like to thank our customers for their patience and apologize in advance for any inconvenience. We value our customer’s business and feel it is important that we do what we can to protect the systems upon which that they rely. Please feel free to contact us with any questions.

DataPlex Releases Generic Reporter for its AmpUp Platform

DataPlex is proud to announce the immediate availability of its web-based “DataPlex Reporter,” A powerful data reporting tool that integrates seamlessly with any of DataPlex’s AmpUp-based applications. AmpUp is a framework for developing web-based database management systems that many different types of businesses use to manage their unique workflows.

Typically, an AmpUp system contains several database tables that compartmentalize data, for example a customer table, vendor table, or transaction table. The DataPlex Reporter automatically taps into these tables in an intelligent way and presents a user with an organized list of fields and filter functions with which to prepare a report. Reports are first presented on the screen, after which they can be printed or exported to a spreadsheet program such as Microsoft Excel. Reports can be saved with an unique name and later recalled.

South Coast Botanic Garden gets FRONDS

South Coast Botanic Garden, located on the Palos Verdes Peninsula in California, is now running on our Fundraising and Operations Network Data System (Fronds) specifically developed for botanic gardens, zoos, museums and other arts and recreation organizations. Fronds combines many back office donor management operations with front office guest services such as ticket sales, membership purchases and class registration. Previously, South Coast was running on an established donor-management software package that did not provide the full range of capabilities that its staff needed.

Adrienne Lao Nakashima, CEO of the South Coast Botanic Garden Foundation, writes:

Faced with a tight deadline and having to transfer data from our old system, DataPlex was able to get our business and development offices as well as our Guest Services Center up and running on our new FRONDS system in less than one month. They walked-us through all the hardware setup and made it easy for us to seamlessly transition to an entirely new system that integrates development with membership management and operations. When we went live, the DataPlex team was always available to answer any questions and helped us make tweaks along the way. Now, we enjoy the equivalent of three separate systems all conveniently rolled up into one cost-effective package.

More information about FRONDS can be found on its informative fronds.org website.

DataPlex provides Data Integration for an Energy Company

An energy company had a dilemma — rush a new enterprise application into early service or attempt to breathe some more life into their existing Excel workbooks, utilized as part of the company’s sales workflow. The challenge was to integrate the existing Excel workbooks with disparate data systems located in different places on the Internet include a critical system operated by a financing partner. As most developers find out, Excel is not a good tool when it comes to web communications.

In a matter of weeks, DataPlex engineers devised a new server that the Excel workbooks could interrogate and get a highly structured and therefore reliable view of data from the remote systems. All instances of the workbooks communicate only with the new server, and the server, based on a powerful Microsoft .NET platform, takes the responsibility of communicating with the other data sources. The server itself is a multitasker, able to handle thousands of concurrent workbook connections at one time, more than enough to satisfy the energy company’s userbase.

DataPlex engineers participated as part of the internal team at the energy company put together to manage the project which had company-wide workflow and business considerations. Because of the fast response required, DataPlex used a form of Agile software development with periodic releases and client reviews.

DataPlex engineers are skilled in designing and implementing custom software designs. Let us know how we can help you implement a solution to your custom set of requirements.

Rapidly Deploy Business Systems – Introducing FRONDS

AmpUp logoDataPlex’s AmpUp “Rapid Enterprise Deployment” software platform is being used to implement “million dollar systems” at a fraction of the cost. Each system is designed to enhance an organization’s already proven workflow, further leverage its business intelligence, and make it more productive and profitable. DataPlex AmpUp systems are 100% web-based and come already mobile and tablet enabled for access from anywhere. Example of already deployed systems are:

  • An Electronic Field Reporting System used by police officers to file incident report more quickly and conveniently
  • A Field Service Management System streamlines an ATM installation and repair company’s operation
  • PlexChex, a web service that constantly monitors and sends alerts based on website and business system performance
  • A Patient Management System with advanced EMR support to reduce the staff workload of medical groups
  • A new Fundraising Organization Network Database System (FRONDS) helps non-profits be more efficient at donor development and membership management
AmpUp-Based FRONDS Now Live at Descanso Gardens

FRONDS logoThe most recent AmpUp-based enterprise system developed by DataPlex is its Fundraising Organization Networked Data System, known as FRONDS, which is now live at Descanso Gardens and enabling their staff to more effectively interact with its membership of 18,000 people. The “back office” of development where all donations are managed went live on June 1st and the “front office” of the Visitor Center with membership and ticket sales went live on July 1st.

Intersection of Enterprise, Mobile and CloudNot only did DataPlex engineers design a custom version of FRONDS for Descanso Gardens called the Descanso Gardens Enterprise System (DGES) but they are hosting it on the Amazon’s high-performance EC2 cloud. DataPlex has become truly a one-stop shop that can work with an organization all the way from concept and design through development and hosting, and offers a suite of already developed modules for integrating enterprise, mobile and the cloud.

FRONDS is based on DataPlex’s AmpUp rapid development enterprise software platform that reduces the amount of time and cost to get a state-of-the-art web-based platform up and running. Many of the standard AmpUp features are available such as flexible searching, Excel/OpenOffice exporting, mail merging and consolidated “one button” month end reporting.

Some of the more interesting capabilities of FRONDS are:

  • Real-time dashboard display of daily activity
  • Print and scan ID cards
  • Point-of-sale (POS) operations: ticket, course and membership sales
  • Automatic letter generation with mail-merge capabilities
  • Track donor gifts by solicitations and campaigns
  • Donor communications Journal
  • Calendar of events
  • Budgets and Actuals: trend analysis and forecasting
  • Accounting Reports organized by General Ledger codes
  • Single-button Month-End Reporting
  • Multitude of workflow reports, document generation and Excel export

Descanso Gardens sample ID card

Descanso Gardens ID card

FRONDS prints membership cards, each one with different information including member name, ID number and an associated scancode. The Descanso Gardens staff decided to print all the cards themselves rather than use a commercial printer. With two printers set up, each of which prints one card every 7 seconds, the entire print job was under 20 hours. While printing, the staff was able to test scan the cards for quality control purposes so as to be sure to keep to their aggressive timeline. Now that the cards have been printed, the staff only has to print a couple thousand cards a month, a comparatively easy task, and has the option to offload some the ID card printing to the Visitor Center when people who sign up can get their ID card instantly.

The system dashboard shows the staff the current weather conditions and real-time visitation and sales figures, and compares them to the same day of the week of the previous year.

FRONDS Dashboard

FRONDS Dashboard

FRONDS also has an interactive POS cash register that is 100% web-based and compatible with all major web browsers including those for iPads and other tablets and which is also touch screen and barcode scanner enabled.

FRONDS Point-of-Sale Screen

FRONDS Point-of-Sale Screen


Descanso Gardens executives report how FRONDS is already proving its value:

  • Instantaneous reporting that will help us manage our enterprise better
  • Tracking member behavior, which improves our knowledge of a key, core constituency
  • Integrates POS with membership management
  • Provides us with much more powerful tools for member fulfillment and satisfaction:
    • instant enrollment and addition to the database
    • near-instant fulfillment of membership cards
    • much faster renewal process (soon to be also web-based)
    • better “member experience” at check-in
    • much better control of entrance gate
  • Much simplified and more user-friendly donor tracking, moves management, reporting system that is also much less expensive than the current systems in wide use such as Blackbaud’s Raiser’s Edge and DonorPerfect

Even though they had been using a different commercially available web-based donor management package, they will still realize a 25% savings in overall work effort by using FRONDS which aligns more closely with their fundraising and membership management requirements.

DataPlex FRONDS in the Descanso Gardens Visitor Center

FRONDS in the Descanso Gardens Visitor Center

For more information about FRONDS, AmpUp, one of the other AmpUp systems, or to discuss without obligation what DataPlex technical services can do for you, please feel free to contact us anytime.

SpeedZone get DataPlex Scoreboard Display Electronics

In less than three months, DataPlex designed and manufactured replacement scoreboard display tower electronics for the SpeedZone racetracks as the original manufacturer went out of business and SpeedZone needed working electronics for its karting and Grand Prix scale model Formula One racecar venues. The modest-size scoreboard controller is responsible for displaying all the lap times of each vehicle going around a racetrack on the 10,000 LED display. The displays automatically dim in the evening and on cloudy days to conserve power and be at an appropriate brightness to viewers.

DataPlex’s has been supplying custom electronics and amusement park venue control systems to the SpeedZone locations since 1997. Please read the DataPlex Case Study for more information.

SpeedZone, also known as Malibu Grand Prix and Malibu SpeedZone are the names of a group of motorsports-themed family entertainment centers throughout the United States and is owned by American amusement and entertainment company Palace Entertainment. Palace Entertainment is itself owned by Spanish amusement company Parques Reunidos.

Website for the Law Offices of Constance Bessada

DataPlex designed and is now hosting the website for the Law Offices of Constance Bessada, an experienced family law attorney. Her website follows many of her design requirements including page layout, color scheme, and methods of interactivity. Feel free to take a look!

A Letter to Start-Ups on Technical Development

Lower your Development Costs by as much as 50%

There is a perfection in getting your product into the marketplace as soon as possible so that it can evolve organically rather than waiting for it to achieve perfection.

Dear Start-Up:

Get to a “Minimum Viable Product” as quickly as possible. Whether your “product” is hardware, software, a combination of the two, or some kind of service, not only will you save money, the sooner you get something operating that people can use, the faster they will be able to provide you with useful insight, and the sooner you will have opportunities to refine and, in some cases, redefine you approach. Do not fear mistakes and false starts, as you will get past them and into a position of having happy customers and growing your new customer base.

As its name suggests, a Minimum Viable Product, or “MVP,” has just enough features and functionality to be useful. The bells and whistles can come later, once you have the core product well defined. As easy as this sounds, you may be hard pressed to find a true minimum set of features because you might second guess yourself by thinking that this or that feature, by not being included, could handicap the critical initial release and prevent it from being accepted.

But moving right to a MVP does not mean you start coding today. There is an important planning step that can save you from a tremendous amount of grief and possible failure. This step is the writing of a good technical product specification that will help you decide on the minimum set of features so that your MVP is developed as quickly and as close to your vision as possible.

Listen up: Do not skip this step, even if you think your MVP is not “rocket science.” It may not be, but it is often your young company’s first technical cornerstone, setting forth its basic system architecture and, as such, it needs to provide a strong foundation for what is to come.

Why you Need a Specification

Chances are good that you will need outside developers. If one of your founders is a developer, he’ll probably be too busy with other start-up related issues to be able to dedicate enough of his time to managing all of the development. Besides, if your product is to get out in a timely fashion, it may need more short-term talent … so it’s time to call in some professional developers.

As developers prepare quotations for you, they will ask you for a number of technical items to help them gauge the effort, to neither overshoot nor undershoot your requirements. Examples of such items are technical write-ups, screenshots, mock ups, demonstration videos, sample code, proof-of-concepts, “lab curiosities,” the technical section of your business plan, to name a few typical items which are, by the way, best provided or shown under a non-disclosure agreement. Be mindful of not delivering materials that are focused only in one area, such as the end-user experience, because they may not provide enough detail by themselves to cover the full range of your MVP’s features and functions.

Developers are at their best they receive a high quality technical product development specification against which they can then provide exacting quotations. Besides serving other purposes such as helping you to intelligently determine the MVP’s feature set and establishing your budget, this specification becomes a technical document that liaises between you and your developers. It tells them in no uncertain terms what the product will look like, how it will behave, and what “under the hood” considerations need to be made. It eliminates guesswork on the part of the technicians and programmers. It prevents unpleasant surprises during the course of development when, for example, you and your developer suddenly realize there has been a difference in assumption on some aspect of the product; to resolve this now apparent and unfortunately discrepancy, the development path has to change, the deployment delayed, and the budget revised higher.

Please don’t think that a product specification will take long. We’ve done them in as quickly as a few days and certainly not longer than a few weeks for more complicated projects. Depending on the kind of product or service, a typical specification runs from between 10 and 50 pages. During the writing of the specification, several important issues usually come to light that are best addressed before development is actually begun. These issues are not necessarily technical; they can be related to the business model, customer requirements, and government regulation, among many other factors.

Also, do not think of the time to have a specification prepared as being “lost.” The clarity that the specification will bring to the table will actually allow your product to be developed more quickly overall. Also, some degree of technical research and development work is performed during the preparation of a technical specification, much of which finds its way into the final MVP. Occasionally, there may be multiple technological approaches that need to be evaluated in light of the project’s desired goals. All in all, this engineering-driven specification process with some built-in R&D has the effect of significantly lowering your overall development costs, in our experience by as much as 50%.

Some questions may come to mind…

What will my specification look like? What will it contain? It will be a comprehensive report having, among other things, every feature, every function and every user interface screen of your MVP defined. It has sections of standards, guidance, goals, assumptions, checklists and definitions. it covers all of the MVP’s functional requirements, and some non-functional requirements as well. It deals not only with the software layers but also with what hardware will be used, even if it’s cloud-based, and how it is configured, made secure and has built-in redundancy and backups. It will incorporate your business intelligence, philosophy, personality and value proposition. To the extent of relevance, it will identify vendors, manufacturing processes, and intellectual property considerations. It will contain a proposed development schedule along with an estimated budget.

What does a specification do for me? With proper care, your specification evolves into a “living” guide for the technical side of your business. It becomes an important asset of your company, thereby increasing the value of your company. It can be leveraged to add significant value to your business plan and to your patent filings, and it also becomes a cornerstone for your trade secrets. It can be used to solicit exacting quotations from not only the technical advisory firm who may have helped you develop the specification in the first place but also from a number of other competing firms as well if you so choose.

Should I pay for the specification? Shouldn’t developers do it as part of their quote? Most developers provide free quotes when given a reasonably good specification of what it is they are being asked to do. In lieu of their receiving enough technical material, developers may suggest that you have a technical specification prepared as the very next step. You can do that yourselves or have a qualified engineering team do it for you. Since your MVP’s specification is custom work which has no market other than you, and since it will increase the valuation of your young company, the developers are entitled to just compensation for this preliminary effort. Also, the adage, “you get what you pay for” is very applicable here — you want a solid, engineering document upon which your future can rely. You really do not need a bare bones, short-term “punch list” that will be essentially obsolete a few changes later.

Once you have a properly designed specification for the MVP, your project manager can “shop it around” for maximum cost savings without giving up much in the way of quality. You may choose to break it up into sections so as to help minimize the exposure of your intellectual property and trade secrets. Once one or more developers have been engaged, your project manager will then monitor the project’s progress, providing you with updates and flagging any important issues that need your attention.

As part of the technology strategy consulting that DataPlex provides, our engineers can develop your product specification, act as your project manager, and undertake key portions or possibly all of the technical development to ensure that trade-offs are properly considered and your MVP is developed quickly and to your liking. We can help you develop “customer profiles” and “use cases” that serve to bring closer the real-world to your product’s development. Feel free to contact us to find out how in your particular case we may be best able to help.

What to do about Bots that kill AWS Micro Instances running WordPress

For one of our customers, we leveraged WordPress and its powerful capabilities to create a rather large website consisted of hundred of pages. Because the expected traffic is to be low, we installed their site on a economical AWS Micro Instance which performed well. In the middle of last night, however, the instance’s CPU utilization percentage hit 100% for nearly one hour. Anyone else accessing the site during this period would have had a sluggish if not unresponsive experience.

AWS Micro Instances are great for testing and deploying simple websites that, by their design and market, won’t be required to work very hard. That said, websites are at the mercy of whoever accesses them from the rest of the Internet. Too many accesses during too short of period can overrun the resource allotment of a Micro Instance.

In our investigation, we discovered that a bot called Aboundexbot was the culprit. The Aboundexbot bot wanted to crawl the entire site and quickly at that, an act which threw the CPU Utilization to 100% because AWS micro instances, as their name implies, are limited to a certain amount of CPU activity per unit of time. Unfortuately, Aboundexbot did not throttle it’s access as do other better behaved bots, and it apparently does not have a built-in mechanism (such as a timeout) to detect when it may be overtaxing a site.

In any case, we decided that we just didn’t want Aboundexbot and perhaps some other badly behaved bot to visit our customer’s site so as the keep the site performing well. Our thought was to add a corresponding “disallow” entry to the “robots.txt” file. However, whereas this is a simple task for a regular website, it is more challenging for a WordPress-based site if it has been installed in the domain root. In that case, all of the site’s root file access go through WordPress’s dynamic page generation, including access to the theoretical “robot.txt” file.

In the WordPress wp-includes/ folder, there is a file called functions.php in which there is a function called do_robots() which dynamically creates a “robot.txt” file on demand. But it’s not very sophisticated, allowing for just two types of output depending on the Site Visibility setting under WordPress’ Dashboard > Settings > Privacy page.

We could have added a plug-in that provided finer robot.txts control, and we still might do that, but to get a solution in quickly, we decided to simply enhance the do_robots() function as follows (our code addition in boldface):

function do_robots() {
  header( 'Content-Type: text/plain; charset=utf-8' );

  do_action( 'do_robotstxt' );

  $output = "User-agent: *\n";
  $public = get_option( 'blog_public' );
  if ( '0' == $public ) {
    $output .= "Disallow: /\n";
  } else {
    $site_url = parse_url( site_url() );
    $path = ( !empty( $site_url['path'] ) ) ? $site_url['path'] : '';
    $output .= "Disallow: $path/wp-admin/\n";
    $output .= "Disallow: $path/wp-includes/\n";
    $fbotmore = file_get_contents('./wp-content/robots.txt');
    if ($fbotmore !== false) $output .= $fbotmore;
  }

  echo apply_filters('robots_txt', $output, $public);
}

We are currently on WordPress version 3.3.1. Because different versions of WordPress may have different code for this function, use your programming know-how to add the above two boldfaced lines to the function in the most appropriate way. Note that this is not a permanent change as any significant WordPress upgrade will overwrite this change in the functions.php file.

We then located a list of other badly behaved bots and installed our collective list in the wp-contents/robot.txt file which is now included whenever our domain.com/robot.txt file is accessed.

For your reference, here is what we came up with for the contents of our robots.txt file. Note that WordPress has a few entries of its own that are placed in advance of this content.

User-agent: Aboundexbot
Disallow: /
User-agent: NPBot
Disallow: /
User-agent: TurnitinBot
Disallow: /
User-agent: EmailCollector
Disallow: /
User-agent: EmailWolf
Disallow: /
User-agent: CopyRightCheck
Disallow: /
User-agent: Black Hole
Disallow: /
User-agent: Titan
Disallow: /
User-agent: NetMechanic
Disallow: /
User-agent: CherryPicker
Disallow: /
User-agent: EmailSiphon
Disallow: /
User-agent: WebBandit
Disallow: /
User-agent: Crescent
Disallow: /
User-agent: NICErsPRO
Disallow: /
User-agent: SiteSnagger
Disallow: /
User-agent: ProWebWalker
Disallow: /
User-agent: CheeseBot
Disallow: /
User-agent: ia_archiver
Disallow: /
User-agent: ia_archiver/1.6
Disallow: /
User-agent: Teleport
Disallow: /
User-agent: TeleportPro
Disallow: /
User-agent: Wget
Disallow: /
User-agent: MIIxpc
Disallow: /
User-agent: Telesoft
Disallow: /
User-agent: Website Quester
Disallow: /
User-agent: WebZip
Disallow: /
User-agent: moget/2.1
Disallow: /
User-agent: WebZip/4.0
Disallow: /
User-agent: Mister PiX
Disallow: /
User-agent: WebStripper
Disallow: /
User-agent: WebSauger
Disallow: /
User-agent: WebCopier
Disallow: /
User-agent: NetAnts
Disallow: /
User-agent: WebAuto
Disallow: /
User-agent: TheNomad
Disallow: /
User-agent: WWW-Collector-E
Disallow: /
User-agent: RMA
Disallow: /
User-agent: libWeb/clsHTTP
Disallow: /
User-agent: asterias
Disallow: /
User-agent: httplib
Disallow: /
User-agent: turingos
Disallow: /
User-agent: spanner
Disallow: /
User-agent: InfoNaviRobot
Disallow: /
User-agent: Harvest/1.5
Disallow: /
User-agent: Bullseye/1.0
Disallow: /
User-agent: Mozilla/4.0 (compatible; BullsEye; Windows 95)
Disallow: /
User-agent: Crescent Internet ToolPak HTTP OLE Control v.1.0
Disallow: /
User-agent: CherryPickerSE/1.0
Disallow: /
User-agent: CherryPickerElite/1.0
Disallow: /
User-agent: WebBandit/3.50
Disallow: /
User-agent: DittoSpyder
Disallow: /
User-agent: SpankBot
Disallow: /
User-agent: BotALot
Disallow: /
User-agent: lwp-trivial/1.34
Disallow: /
User-agent: lwp-trivial
Disallow: /
User-agent: Wget/1.6
Disallow: /
User-agent: BunnySlippers
Disallow: /
User-agent: URLy Warning
Disallow: /
User-agent: Wget/1.5.3
Disallow: /
User-agent: LinkWalker
Disallow: /
User-agent: cosmos
Disallow: /
User-agent: moget
Disallow: /
User-agent: hloader
Disallow: /
User-agent: humanlinks
Disallow: /
User-agent: LinkextractorPro
Disallow: /
User-agent: Offline Explorer
Disallow: /
User-agent: Mata Hari
Disallow: /
User-agent: LexiBot
Disallow: /
User-agent: Web Image Collector
Disallow: /
User-agent: The Intraformant
Disallow: /
User-agent: True_Robot/1.0
Disallow: /
User-agent: True_Robot
Disallow: /
User-agent: BlowFish/1.0
Disallow: /
User-agent: JennyBot
Disallow: /
User-agent: MIIxpc/4.2
Disallow: /
User-agent: BuiltBotTough
Disallow: /
User-agent: ProPowerBot/2.14
Disallow: /
User-agent: BackDoorBot/1.0
Disallow: /
User-agent: toCrawl/UrlDispatcher
Disallow: /
User-agent: WebEnhancer
Disallow: /
User-agent: TightTwatBot
Disallow: /
User-agent: suzuran
Disallow: /
User-agent: VCI WebViewer VCI WebViewer Win32
Disallow: /
User-agent: VCI
Disallow: /
User-agent: Szukacz/1.4
Disallow: /
User-agent: QueryN Metasearch
Disallow: /
User-agent: Openfind data gathere
Disallow: /
User-agent: Openfind
Disallow: /
User-agent: Xenu's Link Sleuth 1.1c
Disallow: /
User-agent: Xenu's
Disallow: /
User-agent: Zeus
Disallow: /
User-agent: RepoMonkey Bait & Tackle/v1.01
Disallow: /
User-agent: RepoMonkey
Disallow: /
User-agent: Zeus 32297 Webster Pro V2.9 Win32
Disallow: /
User-agent: Webster Pro
Disallow: /
User-agent: EroCrawler
Disallow: /
User-agent: LinkScan/8.1a Unix
Disallow: /
User-agent: Kenjin Spider
Disallow: /
User-agent: Keyword Density/0.9
Disallow: /
User-agent: Cegbfeieh
Disallow: /
User-agent: SurveyBot
Disallow: /
User-agent: duggmirror
Disallow: /

To test your change to the do_robots(), just access from your favorite browser your domain.com/robot.txt file. Did it work? Let us know.

Hopefully, this change will keep the micro instance from being overtaxed by zealous bots. If you get a bot that simply ignores the robot.txt file, you may have to resort to adding a “deny from” entry in your server configuration, but in our experience we haven’t seem many of those.