Axel Beckert - ecos gmbh wrote: > There is a more easier way, which doesn't need mod_perl. I would use > something like the following: > > BrowserMatchNoCase "(PBrowse|[DPR]Surf15a)" is_a_bot > <Limit> > [...] > Deny from env=is_a_bot > </Limit>
Huh, I hadn't seen mod_setenvif before. I'll play with that - Thanks! But, my main point is really not so much how to block, but rather WHAT are the tools and/or WHO are these people... I would just like to know what is doing this, and how it seems to come from so many different sources... > Try to find out (using whois or nslookup), if the IP belongs to some > ISP. If yes, then complain to abuse@<isp>: This often helps. Many times the IP address comes back as unresolvable. I guess a nice solution might be a module or script that automatically resolves bad requests and then sends an email to the admin at the ISP concerned (max one a day), telling them about the abuse. Yet another Nice Little Project that I don't have time to do. Thanks again... but if anyone has any information about the tools/people that actually spawn these requests, that would be even more useful. Eventually, the spambots will become smarter and start using the same User-Agent strings as Netscape and IE (dunno why they don't do that already, to be honest), at which point we are left with behavioral solutions (e.g. frequency of requests and other patterns), which are much harder to detect, let alone prevent (without potentially blocking valid users). Meantime - any clues as to identity/sources of these rogue tools are still most welcome... -Neil --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
