Hi, once I experienced similar problem with spammer looking for vulnerabilities in my feedback form scripts. Of course he used proxies, so denying by IP would have no sense. So I hide the script behind a single shtml page, so that no one could ever know what the real name of any script is. All cgi requests on that site started to be handled by same shtml file, where conditional SSI instructions distributed tasks to different scripts by "watermarks" in query string (using regexps). So all forms had action="index.shtml". Spammer started scanning cgi-bin folder looking for scripts named like mail, formmail, friendmail, tellyourfriend, etc.. So the feedback script was renamed to abdbxq.cgi. Still the remaining annoyance was to see the spammer flooding my site with requests for nonexisting mail.cgi, formail.pl, and simmilar combinations and hundreds of hits per day. Servers error log was filled with "File does not exist". So I added this to my .htaccess: RewriteEngine on RewriteRule ^(.*)(mail|library|list|form|tell|friend)(.*) http://localhost [nc] Since then my server logs are clean :-) Best wishes Viktoras -------Original Message------- From: Admin Date: 06/23/06 17:51:57 To: users@xxxxxxxxxxxxxxxx Subject: [users@httpd] How to deny access based on user agent - help Hi, There is one particular spammer who I want to deny access to my web site. He is leaving comments & sending emails through the contact form which are full of p*rn site urls etc. He is spoofing his ip address so denying access on ip is out. The only thing consistent is the browser he uses. The string returned in the access log is "Mozilla/4.0 (compatible; MSIE 5.01; MSNIA; Windows 98)" and I thought I can deny access to the web site for this user agent as till now this guy is the only one visitor to my site using a browser returning this string. I am a newbie and do not have much knowledge of regular expressions etc. I know that with the proper settings in the htaccess file I should be able to stop him. Mod rewrite is available. Web server is Apache 1.3.34. Any pointers/help will be highly appreciated. Regards. Sanjay Dutt -- The Dutts Home Site: www.thedutts.com -- No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.1.394 / Virus Database: 268.9.2/373 - Release Date: 6/22/2006 --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|