{"id":47025,"date":"2019-09-03T08:00:00","date_gmt":"2019-09-03T13:00:00","guid":{"rendered":"https:\/\/www.inmotionhosting.com\/support\/?p=47025"},"modified":"2021-11-19T01:28:30","modified_gmt":"2021-11-19T06:28:30","slug":"block-bad-queries","status":"publish","type":"post","link":"https:\/\/www.inmotionhosting.com\/support\/website\/block-bad-queries\/","title":{"rendered":"How to Fight Malicious Website Scans with BBQ: Block Bad Queries"},"content":{"rendered":"\n<p><strong>In this article:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><a href=\"#block\">Block Bad Queries<\/a><\/li><li><a href=\"#update\">Updates<\/a><\/li><\/ul>\n\n\n\n<p>WordPress is the most popular content management system (CMS) today. That doesn&#8217;t mean you have to use it for better security, but that&#8217;s a discussion for another article.<\/p>\n\n\n\n<p>The developers of the <a href=\"\/support\/edu\/wordpress\/how-to-setup-bbq-block-bad-queries-on-wordpress\/\">BBQ: Block Bad Queries WordPress security plugin<\/a> have a standalone PHP script that accomplishes the same goal as its WordPress counterpart. It blocks malicious URL requests to improve web security. Notable examples include scans for compressed .zip or .tar files, hidden files storing personally identifiable information (PII), and exploitable executable files.<\/p>\n\n\n\n<p>These brute-force scans are run by automated programs working from a database of known exploitable URLs &#8211; e.g. 
domain.com\/path-to-file\/etc\/passwd (searching for the Linux password file) and domain.com\/path-to-file\/makefile (attempting to create a file on the server).<\/p>\n\n\n\n<p>Below we cover how to block bad (<em>malicious<\/em>) queries within a PHP website.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"block\">Block Bad Queries<\/h2>\n\n\n\n<ol class=\"article_list wp-block-list\"><li>Visit <a href=\"https:\/\/perishablepress.com\/block-bad-queries\/\">https:\/\/perishablepress.com\/block-bad-queries\/<\/a>.<\/li><li><a href=\"\/support\/website\/how-to-edit-a-file\/\">Edit your index.php file<\/a> or another PHP file that is loaded on every request to the website &#8211; e.g. header.php. If you&#8217;re using an HTML file, copy it to a new index.php file and use that new file.<\/li><li>Copy the code under the <a href=\"https:\/\/perishablepress.com\/block-bad-queries\/#bbq-php-script\">BBQ standalone PHP script section<\/a> into the top of your PHP file.<\/li><li><strong>Save<\/strong> the file.<\/li><li>Check your PHP page to ensure none of the code displays on your website.<\/li><li>Try a malicious URL for basic penetration testing (pen-testing) &#8211; e.g. <em>yourdomain.com\/makefile<\/em>. 
It should redirect to a 403 error.<\/li><\/ol>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"update\">Updates<\/h3>\n\n\n\n<p>The developer recommends periodically updating the PHP script for improved security.<\/p>\n\n\n\n<ol class=\"article_list wp-block-list\"><li>To do this, <a href=\"\/support\/edu\/wordpress\/how-to-setup-bbq-block-bad-queries-on-wordpress\/#bbq\">download the WordPress plugin from WordPress.org<\/a>.<\/li><li>Open the zip file with <a href=\"https:\/\/www.7-zip.org\/download.html\">7-Zip<\/a>, WinZip, or <a href=\"https:\/\/www.inmotionhosting.com\/support\/edu\/cpanel\/engrampa-archive-manager-linux\/\">Engrampa<\/a>.<\/li><li>Open the block-bad-queries.php file.<\/li><li>Copy the code to replace the PHP code on your website.<\/li><\/ol>\n\n\n\n<p>Contact the developer at <a href=\"https:\/\/perishablepress.com\/contact\/\">PerishablePress.com<\/a> for further assistance. We&#8217;ll update this article when notified of changes to the update process.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>In this article: Block Bad Queries Updates WordPress is the most popular content management system (CMS) today. But that doesn&#8217;t mean you have to use it for better security. But that&#8217;s a discussion for another article. 
The developers of the BBQ: Block Bad Queries WordPress security plugin have a standalone PHP script that accomplishes the<a class=\"moretag\" href=\"https:\/\/www.inmotionhosting.com\/support\/website\/block-bad-queries\/\"> Read More ><\/a><\/p>\n","protected":false},"author":57014,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[4288],"tags":[],"class_list":["post-47025","post","type-post","status-publish","format-standard","hentry","category-website"],"acf":[],"yoast_head_json":{"title":"How to Fight Malicious Website Scans with BBQ: Block Bad Queries | InMotion Hosting","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.inmotionhosting.com\/support\/website\/block-bad-queries\/","og_locale":"en_US","og_type":"article","og_title":"How to Fight Malicious Website Scans with BBQ: Block Bad Queries | InMotion Hosting","og_description":"In this article: Block Bad Queries Updates WordPress is the most popular content management system (CMS) today. 
But that doesn&#8217;t mean you have to use it for better security. But that&#8217;s a discussion for another article. The developers of the BBQ: Block Bad Queries WordPress security plugin have a standalone PHP script that accomplishes the Read More >","og_url":"https:\/\/www.inmotionhosting.com\/support\/website\/block-bad-queries\/","og_site_name":"InMotion Hosting Support Center","article_publisher":"https:\/\/www.facebook.com\/inmotionhosting\/","article_published_time":"2019-09-03T13:00:00+00:00","article_modified_time":"2021-11-19T06:28:30+00:00","author":"InMotion Hosting Contributor","twitter_card":"summary_large_image","twitter_creator":"@https:\/\/twitter.com\/InMotionHosting","twitter_site":"@InMotionHosting","twitter_misc":{"Written by":"InMotion Hosting Contributor","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.inmotionhosting.com\/support\/website\/block-bad-queries\/#article","isPartOf":{"@id":"https:\/\/www.inmotionhosting.com\/support\/website\/block-bad-queries\/"},"author":{"name":"InMotion Hosting Contributor","@id":"https:\/\/www.inmotionhosting.com\/support\/#\/schema\/person\/f9a4fc454cd1df128ee8e898d30d4644"},"headline":"How to Fight Malicious Website Scans with BBQ: Block Bad 
Queries","datePublished":"2019-09-03T13:00:00+00:00","dateModified":"2021-11-19T06:28:30+00:00","mainEntityOfPage":{"@id":"https:\/\/www.inmotionhosting.com\/support\/website\/block-bad-queries\/"},"wordCount":335,"commentCount":0,"publisher":{"@id":"https:\/\/www.inmotionhosting.com\/support\/#organization"},"articleSection":["Website"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.inmotionhosting.com\/support\/website\/block-bad-queries\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.inmotionhosting.com\/support\/website\/block-bad-queries\/","url":"https:\/\/www.inmotionhosting.com\/support\/website\/block-bad-queries\/","name":"How to Fight Malicious Website Scans with BBQ: Block Bad Queries | InMotion Hosting","isPartOf":{"@id":"https:\/\/www.inmotionhosting.com\/support\/#website"},"datePublished":"2019-09-03T13:00:00+00:00","dateModified":"2021-11-19T06:28:30+00:00","breadcrumb":{"@id":"https:\/\/www.inmotionhosting.com\/support\/website\/block-bad-queries\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.inmotionhosting.com\/support\/website\/block-bad-queries\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.inmotionhosting.com\/support\/website\/block-bad-queries\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.inmotionhosting.com\/support\/"},{"@type":"ListItem","position":2,"name":"How to Fight Malicious Website Scans with BBQ: Block Bad Queries"}]},{"@type":"WebSite","@id":"https:\/\/www.inmotionhosting.com\/support\/#website","url":"https:\/\/www.inmotionhosting.com\/support\/","name":"InMotion Hosting Support Center","description":"Web Hosting Support &amp; 
Tutorials","publisher":{"@id":"https:\/\/www.inmotionhosting.com\/support\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.inmotionhosting.com\/support\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.inmotionhosting.com\/support\/#organization","name":"InMotion Hosting","url":"https:\/\/www.inmotionhosting.com\/support\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.inmotionhosting.com\/support\/#\/schema\/logo\/image\/","url":"https:\/\/www.inmotionhosting.com\/support\/wp-content\/uploads\/2023\/02\/inmotion-hosting-logo-yoast.jpg","contentUrl":"https:\/\/www.inmotionhosting.com\/support\/wp-content\/uploads\/2023\/02\/inmotion-hosting-logo-yoast.jpg","width":696,"height":696,"caption":"InMotion Hosting"},"image":{"@id":"https:\/\/www.inmotionhosting.com\/support\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/inmotionhosting\/","https:\/\/x.com\/InMotionHosting"]},{"@type":"Person","@id":"https:\/\/www.inmotionhosting.com\/support\/#\/schema\/person\/f9a4fc454cd1df128ee8e898d30d4644","name":"InMotion Hosting Contributor","description":"InMotion Hosting contributors are highly knowledgeable individuals who create relevant content on new trends and troubleshooting techniques to help you achieve your online 
goals!","sameAs":["https:\/\/www.linkedin.com\/company\/inmotion-hosting\/","https:\/\/x.com\/https:\/\/twitter.com\/InMotionHosting"],"url":"https:\/\/www.inmotionhosting.com\/support\/author\/inmotion-hosting-contributor\/"}]}},"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"primary_category":null,"_links":{"self":[{"href":"https:\/\/www.inmotionhosting.com\/support\/wp-json\/wp\/v2\/posts\/47025","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.inmotionhosting.com\/support\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.inmotionhosting.com\/support\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.inmotionhosting.com\/support\/wp-json\/wp\/v2\/users\/57014"}],"replies":[{"embeddable":true,"href":"https:\/\/www.inmotionhosting.com\/support\/wp-json\/wp\/v2\/comments?post=47025"}],"version-history":[{"count":6,"href":"https:\/\/www.inmotionhosting.com\/support\/wp-json\/wp\/v2\/posts\/47025\/revisions"}],"predecessor-version":[{"id":91866,"href":"https:\/\/www.inmotionhosting.com\/support\/wp-json\/wp\/v2\/posts\/47025\/revisions\/91866"}],"wp:attachment":[{"href":"https:\/\/www.inmotionhosting.com\/support\/wp-json\/wp\/v2\/media?parent=47025"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.inmotionhosting.com\/support\/wp-json\/wp\/v2\/categories?post=47025"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.inmotionhosting.com\/support\/wp-json\/wp\/v2\/tags?post=47025"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}