httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Viktoras Didziulis" <vikto...@ekoinf.net>
Subject Re: [users@httpd] How to deny access based on user agent - help
Date Fri, 23 Jun 2006 22:22:06 GMT
 Hi, 
 
once I experienced similar problem with spammer looking for vulnerabilities
in my feedback form scripts. Of course he used proxies, so denying by IP
would have no sense. 
 
So I hide the script behind a single shtml page, so that no one could ever
know what the real name of any script is. All cgi requests on that site
started to be handled by same shtml file, where conditional SSI instructions
distributed tasks to different scripts by "watermarks" in query string
(using regexps). So all forms had action="index.shtml".
 
Spammer started scanning cgi-bin folder looking for scripts named like mail,
formmail, friendmail, tellyourfriend, etc.. So the feedback script was
renamed to abdbxq.cgi.  Still the remaining annoyance was to see the spammer
flooding my site with requests for nonexisting mail.cgi, formail.pl, and
simmilar combinations and hundreds of hits per day. Servers error log was
filled with "File does not exist". So I added this to my .htaccess:
 
RewriteEngine on
RewriteRule ^(.*)(mail|library|list|form|tell|friend)(.*) http://localhost
[nc]
 
Since then my server logs are clean :-) 
 
Best wishes
Viktoras
 
 
 
-------Original Message------- 
 
From: Admin 
Date: 06/23/06 17:51:57 
To: users@httpd.apache.org 
Subject: [users@httpd] How to deny access based on user agent - help 
 
Hi, 
 
There is one particular spammer who I want to deny access to my web site. 
 
He is leaving comments & sending emails through the contact form which 
are full of p*rn site urls etc. 
 
He is spoofing his ip address so denying access on ip is out. The only 
thing consistent is the browser he uses. The string returned in the 
access log is "Mozilla/4.0 (compatible; MSIE 5.01; MSNIA; Windows 98)" 
and I thought I can deny access to the web site for this user agent as 
till now this guy is the only one visitor to my site using a browser 
returning this string. 
 
I am a newbie and do not have much knowledge of regular expressions etc. 
I know that with the proper settings in the htaccess file I should be 
able to stop him. 
 
Mod rewrite is available. 
Web server is Apache 1.3.34. 
 
Any pointers/help will be highly appreciated. 
 
Regards. 
Sanjay Dutt 
 
-- 
The Dutts Home Site: www.thedutts.com 
 
 
 
-- 
No virus found in this outgoing message. 
Checked by AVG Free Edition. 
Version: 7.1.394 / Virus Database: 268.9.2/373 - Release Date: 6/22/2006 
 
 
--------------------------------------------------------------------- 
The official User-To-User support forum of the Apache HTTP Server Project. 
See <URL:http://httpd.apache.org/userslist.html> for more info. 
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org 
" from the digest: users-digest-unsubscribe@httpd.apache.org 
For additional commands, e-mail: users-help@httpd.apache.org 
 

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message