Using .htaccess in Apache to block malicious User Agents

  • 2020-05-10 23:23:20
  • OfStack

1. Recorded malicious User Agents
1, "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; EmbeddedWB 14.52 from: http://www.bsalsa.com/ EmbeddedWB 14.52; .NET CLR 2.0.50727)"

Below are two entries in the site's log. This User Agent will repeatedly visit the registration page and get the captcha, which is the beginning of spam and malicious registration.


116.242.22.10 199.27.128.204 - - [30/Oct/2011:04:02:15 +0800] "GET /checkcode.php HTTP/1.1" 302 286 "http://www.***.com/register.php" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; EmbeddedWB 14.52 from: http://www.bsalsa.com/ EmbeddedWB 14.52; .NET CLR 2.0.50727)"

116.242.22.10 199.27.128.204 - - [30/Oct/2011:04:02:19 +0800] "POST /register.php HTTP/1.1" 302 286 "http://www.***.com/register.php" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; EmbeddedWB 14.52 from: http://www.bsalsa.com/ EmbeddedWB 14.52; .NET CLR 2.0.50727)"

2, "Mozilla/QunarBot / 5.0 1.0"

This is a spider that ignores robots.txt and is suspected of being connected to Qunar (the name means "where to go").

3, "Mozilla/4.0 (compatible; MSIE 5.00; Windows 98)"


61.147.91.201 173.245.48.60 - - [30/Oct/2011:06:00:28 +0800] "GET /mp3/%A5%D6%A5%EB%A9%60%A5%D0%A9%60%A5%C9.mp3 HTTP/1.1" 302 286 "-" "Mozilla/4.0 (compatible; MSIE 5.00; Windows 98)"

See that? Windows 98! It constantly fetches mp3 files under the site directory; these are mp3 files that were originally uploaded to the wrong site.

4, "Mozilla/4.0"


58.255.120.95 199.27.128.216 - - [30/Oct/2011:06:01:26 +0800] "GET /ikmedata/cache/fuck.php HTTP/1.1" 404 1479 "-" "Mozilla/4.0"
58.255.120.95 199.27.128.216 - - [30/Oct/2011:06:01:27 +0800] "GET /data/cache/fuck.php HTTP/1.1" 404 1479 "-" "Mozilla/4.0"
58.255.120.95 199.27.128.216 - - [30/Oct/2011:06:01:27 +0800] "GET /data/cache/fuck.php HTTP/1.1" 404 1479 "-" "Mozilla/4.0"

Another crappy, endless scan, very disgusting.

2. Blocking malicious User Agents
There are many ways to block a User Agent with .htaccess. Here, a rewrite rule is used to redirect requests from these User Agents elsewhere, which achieves the blocking effect.


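# mod_rewrite must be enabled for the conditions below to take effect
RewriteEngine On
# Any one of these User-Agent patterns is enough to trigger the rule ([OR] chain)
RewriteCond %{HTTP_USER_AGENT} ".*EmbeddedWB.*" [OR]
RewriteCond %{HTTP_USER_AGENT} ".*QunarBot.*" [OR]
RewriteCond %{HTTP_USER_AGENT} ".*Windows 98.*" [OR]
# Anchored: matches only the bare string "Mozilla/4.0", not longer UAs that start with it
RewriteCond %{HTTP_USER_AGENT} "^Mozilla/4\.0$"
# Redirect every matching request away from the site
RewriteRule ^(.*)$ http://cao.ni.ma/ [L]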

Using .htaccess requires some knowledge of regular expression syntax to correctly match strings.

If you find this useful, then before blocking malicious User Agents you may as well first analyze your own website logs and customize the rules according to your own needs. You can use Firefox with User Agent Switcher to test the effect, and Chrome has a similar User Agent switching extension.
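The log review recommended above can be scripted before the rules go live. The following is an added example, not part of the original article: it parses lines in the log layout shown earlier and reports, per User Agent, the hit count, the 4xx count, and whether the block patterns would match. The sample lines are constructed (adapted from the article's entries plus one made-up ordinary visitor), and the function names are assumptions.

```python
import re
from collections import Counter

# Constructed sample lines in the layout shown above:
# two IPs, "- -", timestamp, request, status, size, referer, User-Agent.
SAMPLE_LOG = '''\
116.242.22.10 199.27.128.204 - - [30/Oct/2011:04:02:15 +0800] "GET /checkcode.php HTTP/1.1" 302 286 "http://www.example.com/register.php" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; EmbeddedWB 14.52 from: http://www.bsalsa.com/ EmbeddedWB 14.52; .NET CLR 2.0.50727)"
58.255.120.95 199.27.128.216 - - [30/Oct/2011:06:01:26 +0800] "GET /data/cache/x.php HTTP/1.1" 404 1479 "-" "Mozilla/4.0"
58.255.120.95 199.27.128.216 - - [30/Oct/2011:06:01:27 +0800] "GET /data/cache/x.php HTTP/1.1" 404 1479 "-" "Mozilla/4.0"
61.147.91.201 173.245.48.60 - - [30/Oct/2011:06:00:28 +0800] "GET /mp3/a.mp3 HTTP/1.1" 302 286 "-" "Mozilla/4.0 (compatible; MSIE 5.00; Windows 98)"
203.0.113.7 199.27.128.204 - - [30/Oct/2011:06:02:00 +0800] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)"
'''

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<request>[^"]*)" (?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Same patterns as the RewriteCond lines (unanchored ones match anywhere in the UA).
BLOCK_PATTERNS = [r'EmbeddedWB', r'QunarBot', r'Windows 98', r'^Mozilla/4\.0$']
BLOCK_RE = [re.compile(p) for p in BLOCK_PATTERNS]

def is_blocked(ua):
    """True if any block pattern matches, mirroring the [OR] chain."""
    return any(r.search(ua) for r in BLOCK_RE)

def summarize(log_text):
    """Return {ua: {'hits', 'errors', 'blocked'}} for every parseable line."""
    hits, errors = Counter(), Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not fit the layout
        ua = m['ua']
        hits[ua] += 1
        if m['status'].startswith('4'):
            errors[ua] += 1
    return {ua: {'hits': n, 'errors': errors[ua], 'blocked': is_blocked(ua)}
            for ua, n in hits.items()}

if __name__ == '__main__':
    rows = sorted(summarize(SAMPLE_LOG).items(), key=lambda kv: -kv[1]['hits'])
    for ua, s in rows:
        print(f"{s['hits']:4d} hits {s['errors']:4d} 4xx blocked={s['blocked']!s:5}  {ua}")
```

Run it over a real access log by passing the file's contents to summarize(); any User Agent that shows blocked=True but belongs to ordinary visitors means a pattern is too broad.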

