On Tue, 25 Jul 2017 13:15:33 +0100 RW <rwmailli...@googlemail.com> wrote:
> https://pastebin.com/p7EnFNf7

We've seen lots of those and collected a few dozen unique URLs for our URL blacklists. I added a swath of them to the APER project in this commit:

https://sourceforge.net/p/aper/code/11830/

All of the URLs match this pattern:

    /\/[A-Z]{4}\d{6}\/$/

(The leading/trailing Perl slash delimiters are included, but not part of the pattern.)

so I think a URL rule can catch these.

Doing a HEAD on the URL gives Content-Type: application/msword. I think it's most likely safe to do HEAD requests, but definitely not GET as others have mentioned.

Regards,

Dianne.
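The URL pattern from the message above, applied to URLs pulled out of a plain-text message body, as an added example that is not part of the original post or of the APER project. The function names, the URL extractor and the sample body are assumptions made for illustration; matching on the path component only (so a trailing query string does not hide a hit) goes slightly beyond the end-of-URL anchor in the quoted pattern.

```python
import re
from urllib.parse import urlsplit

# Pattern quoted in the message, applied here to the URL path only.
# re.ASCII limits \d to 0-9; \Z avoids "$" also matching before a trailing newline.
PATH_RE = re.compile(r"/[A-Z]{4}\d{6}/\Z", re.ASCII)

# Loose URL extractor for plain-text bodies (assumption: http/https links only).
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)


def matches_campaign_pattern(url):
    """True if the URL's path ends in /AAAA999999/ (four capitals, six digits)."""
    try:
        path = urlsplit(url).path
    except ValueError:  # malformed URL, e.g. a broken IPv6 literal
        return False
    return PATH_RE.search(path) is not None


def flag_urls(body):
    """Return the URLs in a message body whose path matches the pattern."""
    hits = []
    for raw in URL_RE.findall(body):
        url = raw.rstrip(".,;:)>]")  # drop punctuation picked up from prose
        if matches_campaign_pattern(url):
            hits.append(url)
    return hits


# Constructed sample body; hosts use the reserved .example TLD.
SAMPLE_BODY = """\
Your invoice is ready: http://shop.example/docs/ABCD123456/
Mirror: http://files.example/ABCD123456/?id=7
Unrelated: http://news.example/abcd123456/
Unrelated: http://news.example/ABCD12345/
Unrelated: http://news.example/ABCD123456/index.html
"""

if __name__ == "__main__":
    for hit in flag_urls(SAMPLE_BODY):
        print("match:", hit)
```

The check is purely lexical and makes no network request, so it can run in a mail filter without touching the linked host.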