wilderness - 10:10 pm on Dec 21, 2012 (gmt 0)
I'm still undergoing the same attacks as noted in an earlier post. They have now intensified.
btw, that 'setEnvIfNoCase' directive is not working, because the attacker came thru yesterday with a new IP (again from Amazon) that I had not previously denied, and *it* got thru* to my web site.
18.104.22.168 - - [13/Dec/2012:11:44:02 -0700] "GET / HTTP/1.1" 403 202 "http://www.baidu.com/s?wd=jasper%2 etc.
Is it possible that your confusing recording of the access attempt within your raw logs as actual access?
In your previous examples, this portion shows that access was NOT allowed, rather denied:
Or is the so-called attacker either using a different referring page and/or keyword, than the one you have previously specified?
Or even a blank refer?
Did you make the last modification I previously provided?
Changing example to badiu?
The best solution for these types of issues is to provide and example of the new log line, however you'll need to obscure your file/domain name and the referring domain name.