betabug... Sascha Welter

home english | home deutsch | Site Map | Sascha | Kontakt | Pro | Weblog | Wiki

28 March 2008

Comments for IE6 disabled

Please use a different browser to leave your oppinion

The last few days I had a huge spamrun targetting my weblog. The attack is pretty stupid, no comments get past coreblog's defenses, but they generate a lot of traffic and confusion in the logs/stats. The botnets the spammers are using seems to be "fresh", so it's mostly not yet in the HoneyPotBL. I had started to block the IP addresses whenever I spotted them, but playing "whack a mole" with spammers gets boring real fast.

Stupid enough, the spammers are abusing the user agent string of IE6. I can't just block that, as still many people use this. But I can block this particular browser from doing POST requests on my server, returning a 403 error code. The requests are still there, but they eat up a lot less resources.

For how it's done on the technical side, read on...


Basically what I do is to change some settings in apache's httpd.conf:


    SetEnvIfNoCase User-Agent "^Mo...(user-agent-string-here)$" block_bad_bots_post

    ... snip ....

    <VirtualHost _default_:80>
    ... snip ....
    <Location "/">
    Order Allow,Deny
    Allow from all
    Deny from env=block_bad_bots
    <Limit POST>
    Deny from env=block_bad_bots_post
    </Limit>
    </Location>

This allows IE6 users to browse the site (GET requests are succeeding), while they can't POST to forms. They get a 403 status code, with a helpful text (for those cases when a real human being attempts to post a comment). I have another Deny line, for all those user agent strings I totally disallow.

It's a mean world out there.

Posted by betabug at 12:01 | Comments (0) | Trackbacks (0)
ch athens
Life in Athens (Greece) for a foreigner from the other side of the mountains. And with an interest in digital life and the feeling of change in a big city. Multilingual English - German - Greek.
Main blog page
Recent Entries
Best of
Some of the most sought after posts, judging from access logs and search engine queries.

Apple & Macintosh:
Security & Privacy:
Misc technical:
Athens for tourists and visitors:
Life in general:
<< Greek Independence Day | Main | Το λιμάνι της Καλαμάτας >>
Comments
There are no comments.
Trackbacks
You can trackback to: http://betabug.ch/blogs/ch-athens/800/tbping
There are no trackbacks.
Leave a comment