Yes I see after looking at the various plugins on GitHub it seems they replace the & ampersand string with & when they pull contents from the HTML. They also fake / spoof referrers and can change user-agents etc but they do it properly not like the person who has ended up in my logs. As you said they did it is badly.
I feel this could be a loosing battle if they are spoofing the user-agent referrer etc it is pointless for me to block them since they will update their plugin to change it to match with legitimate web-browser user-agents like chrome, Firefox, Internet Explorer, Microsoft edge etc. What a pickle this is :( Posted at Nginx Forum: https://forum.nginx.org/read.php?2,270705,270713#msg-270713 _______________________________________________ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx
