Crash in login due to bot. How to prevent?

I am getting this error in the log. The Ip address is belonging to

However, I cannot reproduce it by hand and I do not know what is causing the error.

Does anybody know how to prevent this crash?

[][-][-][error][yii\web\HttpException:400] exception

‘yii\web\BadRequestHttpException’ with message 'It is not possible

to verify the data. (Translated by hand)’ in


Stack trace:




#1 /var/www/html/

yii\base\Controller->runAction(’’, Array)



yii\base\Module->runAction(’’, Array)




#4 /var/www/html/


#5 {main}

2015-11-02 02:15:03 [][-][-][info][application] $_SERVER =


'HTTPS' => 'on'

'PATH' =>



'SERVER_SOFTWARE' => 'Apache/2.4.7'


'SERVER_ADDR' => 'xxxxx'

'SERVER_PORT' => '443'


'DOCUMENT_ROOT' => '/var/www/html/'

'REQUEST_SCHEME' => 'https'


'CONTEXT_DOCUMENT_ROOT' => '/var/www/html/'

'SCRIPT_FILENAME' => '/var/www/html/'

'REMOTE_PORT' => '46377'



'REQUEST_METHOD' => 'quit'



'SCRIPT_NAME' => '/index.php'

'PHP_SELF' => '/index.php'

'REQUEST_TIME_FLOAT' => 1446426903.984

'REQUEST_TIME' => 1446426903


I didn’t know about that before, but now I do.

You have been hit by a junk-email robot.

Thank you for the answer. But I still do not know what I have to do. Do I have to change Apache? The Yii2 configuration? The controller?

ModSecurity, maybe?

Google around for info on that.

I have almost zero knowledge about webserver configuration.

What you want is something that can block the offending IP addresses.

OK, try this:


And another alternative:

Just pick the free script since you don’t need pro when you’re not using Wordpress…

Still, I think it is better handled in .htaccess

I’m the founder of Shodan and the “QUIT” command is actually part of closing an SSL connection to the server. It isn’t related to SMTP in this case. If you don’t send a QUIT command to an open SSL connection it won’t close nicely. You can replicate the way the crawlers operate using the command-line by using:

echo QUIT | openssl s_client -connect <YOUR IP>:443

It looks like the QUIT command is being interpreted as a regular HTTP request and that’s causing the service to crash. I hope that explains what’s going on at least from Shodan’s end!

Best regards,


This command retrieves the TLS-certificate of the site and generates no error. Moreover, the domain request in the error is a virtual subdomain. Can you explain what your software is really doing?

Shodan doesn’t look at domains or subdomains and it literally runs the above command. You should be able to replicate the issue by using the above command and entering your IP address (make sure it’s not the domain of your website). You can also email me at with your IP address and I can investigate further, but I’ve described above what is going on from Shodan’s perspective.