This is Interesting: Free Magazines for Graphics designers and webmasters
Home > Archive > Webmaster forum > May 2007 > banning this browser: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
banning this browser: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
|
|
| no.reply7@comcast.net 2007-05-16, 6:20 pm |
| In my htaccess file, I have some restrictions using the following
rule: RewriteCond %{HTTP_USER_AGENT}. One example would be:
RewriteCond %{HTTP_USER_AGENT} ^.*baidu.*$ [NC,OR], which restricts
any browser with baidu in it name.
How can I set up a rule to ban this particular browser: Mozilla/4.0
(compatible; MSIE 6.0; Windows NT 5.1; SV1) ? 95% of requests made to
my site by this browser is spam. I thought of using ^.*SV1.*$ but
unfortunately, there are legitimate browsers with SV1 in parts of
their name.
Thanks for the help.
--F
| |
| shimmyshack 2007-05-16, 10:16 pm |
| On May 16, 6:25 pm, "no.rep...@comcast.net" <no.rep...@comcast.net>
wrote:
> In my htaccess file, I have some restrictions using the following
> rule: RewriteCond %{HTTP_USER_AGENT}. One example would be:
> RewriteCond %{HTTP_USER_AGENT} ^.*baidu.*$ [NC,OR], which restricts
> any browser with baidu in it name.
>
> How can I set up a rule to ban this particular browser: Mozilla/4.0
> (compatible; MSIE 6.0; Windows NT 5.1; SV1) ? 95% of requests made to
> my site by this browser is spam. I thought of using ^.*SV1.*$ but
> unfortunately, there are legitimate browsers with SV1 in parts of
> their name.
>
> Thanks for the help.
>
> --F
when u say "ban" i assume you mean, "try to stop"
any real spammer will use a valid IE6 user agent. this method does not
work unfortunately.
better would be to use mod_security to rule the type of request out
quietly, and accept that any public website (or hospital or library)
will be a target, and take steps to deal with the results rather than
gradually close the doors to people based on the way they look, which
will only ban those with no skill to hurt your interests anyway.
| |
|
| On 16 May 2007 10:25:21 -0700 no.reply7@comcast.net said
> In my htaccess file, I have some restrictions using the following
> rule: RewriteCond %{HTTP_USER_AGENT}. One example would be:
> RewriteCond %{HTTP_USER_AGENT} ^.*baidu.*$ [NC,OR], which restricts
> any browser with baidu in it name.
>
> How can I set up a rule to ban this particular browser: Mozilla/4.0
> (compatible; MSIE 6.0; Windows NT 5.1; SV1) ? 95% of requests made to
> my site by this browser is spam. I thought of using ^.*SV1.*$ but
> unfortunately, there are legitimate browsers with SV1 in parts of
> their name.
>
> Thanks for the help.
Looks like a good UA to me, but if you want to stop it, try
RewriteCond %{HTTP_USER_AGENT} ^Mozilla/4\.0 \(compatible; MSIE 6\.0; Windows NT 5\.1; SV1\)$
Sig
--
http://koiclubsandiego.org/comment/?r=8
3186fdb515784af427d7bd83018826b9
| |
| ol'softy 2007-05-18, 6:16 am |
| "no.reply7@comcast.net" <no.reply7@comcast.net> wrote:
>In my htaccess file, I have some restrictions using the following
>rule: RewriteCond %{HTTP_USER_AGENT}. One example would be:
>RewriteCond %{HTTP_USER_AGENT} ^.*baidu.*$ [NC,OR], which restricts
>any browser with baidu in it name.
>
>How can I set up a rule to ban this particular browser: Mozilla/4.0
>(compatible; MSIE 6.0; Windows NT 5.1; SV1) ? 95% of requests made to
>my site by this browser is spam. I thought of using ^.*SV1.*$ but
>unfortunately, there are legitimate browsers with SV1 in parts of
>their name.
>
>Thanks for the help.
>
>--F
I'd suggest checking to see if the spam comes from a single ip-addr
and banning the ip instead of the u-a. Anything to do with
user-agents is likely to bite you sooner or later, there are 'bots out
there that send null u-a strings, 'bots that make up random u-a
strings, all kind of crap going on that is sufficient to make trusting
anything u-a based kind of goofy.
--
contact via http://www.ren-prod-inc.com/hug_soft
| |
| Jim Hayter 2007-05-21, 6:17 pm |
| shimmyshack wrote:
> On May 17, 5:06 pm, "no.rep...@comcast.net" <no.rep...@comcast.net>
> wrote:
<snip>
> sources? do you mean referers?
> If so you are probably being log spammed. If you logs are public, the
> referers are logged and your logs indexed by google, which increases
> the ranking for these sites.
> Implement a simple login/basic auth protection for your logs and they
> will get bored.
I'm not seeing much evidence that they get bored. My logs have never
been public, but I see log spam on a regular basis. One of the joys of
running an internet facing web server.
Jim
| |
| still me 2007-05-23, 6:18 pm |
| On Mon, 21 May 2007 10:52:16 -0400, Jim Hayter
<see.reply.to@nowhere.invalid> wrote:
>I'm not seeing much evidence that they get bored. My logs have never
>been public, but I see log spam on a regular basis. One of the joys of
>running an internet facing web server.
>
>Jim
Jim:
Can you tell me more about what you mean by "log spam"? Are you
saying that they are trying to get into your logs just so you can see
their url, or that they are getting into your logs and then getting
your logs indexed by google (for you) to increase their own visibility
?
| |
| Jim Hayter 2007-05-23, 6:18 pm |
| still me wrote:
> On Mon, 21 May 2007 10:52:16 -0400, Jim Hayter
> <see.reply.to@nowhere.invalid> wrote:
>
>
> Jim:
>
> Can you tell me more about what you mean by "log spam"? Are you
> saying that they are trying to get into your logs just so you can see
> their url, or that they are getting into your logs and then getting
> your logs indexed by google (for you) to increase their own visibility
> ?
>
>
I meant the latter. It is my impression that since some sites publish
their logs, there are those who "spam" the logs in order to get their
URLs indexed. I find GET requests with arguments added in that have
nothing to do with my sites. The arguments have text and URLs that
point to sites all over the world. Some is pr0n, a lot is
pharmaceutical, all of it looks like sites I'd never want to visit.
Jim
| |
| still me 2007-05-23, 10:30 pm |
| On Wed, 23 May 2007 15:33:21 -0400, Jim Hayter
<see.reply.to@nowhere.invalid> wrote:
>
>I meant the latter. It is my impression that since some sites publish
>their logs, there are those who "spam" the logs in order to get their
>URLs indexed.
Thanks. Quite honestly, I've never understood why those sites publish
their logs. I can't imagine who cares to see their log files - and
they just add more noise to web searches.
| |
| shimmyshack 2007-05-24, 6:26 pm |
| On May 24, 1:52 am, still me <wheeled...@yahoo.com> wrote:
> On Wed, 23 May 2007 15:33:21 -0400, Jim Hayter
>
> <see.reply...@nowhere.invalid> wrote:
>
>
> Thanks. Quite honestly, I've never understood why those sites publish
> their logs. I can't imagine who cares to see their log files - and
> they just add more noise to web searches.
they are also a boon to hackers - session ids (such as those on admin
urls) and other nasties can often appear in logs, providing another
vector for exploitation.
|
|
|
| | Copyright 2003 - 2008 forum4designers.com Software forum Computer Hardware reviews |
|