Banning Pesky Guestbook Spammers Re-lived

Fix it!!

Banning Pesky Guestbook Spammers Re-lived

Postby YoDude9999 » Sat Feb 17, 2007 11:42 am

Richard, I want to thank you for your help with my previous post located http://forum.modrewrite.com/viewtopic.php?t=2404&highlight= and say that your method works exceedingly well. Now that it's been in place for sometime, I've noticed many of the offending spam is also coming from log entries which take the form of:


[02/17/2007 03:54:18] - 83.139.121.176 - "Opera/9.0 (Windows NT 5.1; U; en)" - dh121-176.xnet.hr

[02/17/2007 07:42:27] - 129.59.34.121 - "Opera/9.0 (Windows NT 5.1; U; en)" - A034121.N1.Vanderbilt.Edu

Again, there is a commonality with these in that Opera/9.0 seems to be a majority of my guestbook problems and eliminating them would surly do well to keep the riff-raff out of my guestbook. While ".hr" and ".Edu" are now quite simple to close the door on using the method from your previous response, I'd like to get the string of "Opera" quelled as well using the same method as before, as it does work so well.

I guess I just don't understand the rewrite at all...the syntax with it just throws me completely :)

TAIA,

Yo-
YoDude9999
 
Posts: 11
Joined: Wed Nov 22, 2006 2:19 am

Postby richardk » Sat Feb 17, 2007 11:56 am

You shouldn't block Opera, it's a browser and lots of legitimate users may be using it.

Code: Select all
Options +FollowSymLinks

RewriteEngine On

RewriteCond %{HTTP_USER_AGENT} opera/9\.0 [NC,OR]
RewriteCond %{REMOTE_HOST} \.(com|net|org)$ [NC]
RewriteRule .* - [F]
richardk
 
Posts: 8800
Joined: Wed Dec 21, 2005 7:50 am

Postby YoDude9999 » Tue Feb 20, 2007 12:48 pm

Thanks Rich,

My AWStats (which I look at daily) points out pretty much all aspects of users, hosts, ip addy's etc. etc. and with MSIE coming in at 68.8%, Firefox at 18.5% and Netscape at 3.3% and finally Mozilla at 2.4% for a total of over 90% of my traffic, I feel I can miss out on the Opera at 1.6% of traffic without much loss to the world. This holds especially true when every Opera hit is one that is directed to my guestbook page and nothing else. In fact, most are direct hits on my perl script that logs guest entries.

When the bots get smart enough to use these other high traffic explorers for posting advertising to guestbooks or give false information...I'll probably just eliminate it all together to avoid the hassle, unless I can come up with some better way to deal with them.

For now, these steps are working very well :)

Thanks again,

Yo-
YoDude9999
 
Posts: 11
Joined: Wed Nov 22, 2006 2:19 am

Postby richardk » Tue Feb 20, 2007 1:39 pm

You could change .* to a regex that matches only the guest book PERL script (eg. ^path/to/guestbook-submit\.cgi$) to allow them to view the rest of your site.
richardk
 
Posts: 8800
Joined: Wed Dec 21, 2005 7:50 am

Postby YoDude9999 » Wed Feb 21, 2007 1:18 am

The structure of the site and it's directories along with htaccess files still allows users to view the site.

It's set up in such a manner that I can ban from a site-wide standpoint and/or from just the guestbook itself.

The guestbook spammers are restricted from accessing those pages completely while still allowing them to view the rest of the site's contents.

Yo- :D
YoDude9999
 
Posts: 11
Joined: Wed Nov 22, 2006 2:19 am


Return to Security with Mod_Rewrite

Who is online

Users browsing this forum: No registered users and 8 guests

cron