| 9:11 am on Sep 14, 2008 (gmt 0)|
It's a library of functions that a programmer can use to add Web access to their program. So, it could be used to make a browser or a robot or to allow malware to "phone home" or download additional programs to a computer.
I also did a bit of searching and saw one report that associated it with malware, but again, it's like Indy Library or libwww-PERL or LWP:Trivial -- It's just a library of functions and in and of itself is neither good nor evil.
| 3:08 pm on Sep 14, 2008 (gmt 0)|
Thank you Jim.
My concern is to allow all human visitors. I get the feeling that people are installing bsalsa unwittingly as a component of some other freeware utility, with unintended consequences.
It seems that in some cases they end up with preposterous corrupted user-agents that can be very long, might contain the word "Mozilla" more than once, might start with the prefix "User-Agent", and almost always contain an "http:" link to the bsalsa homepage.
Several of the posts I found via Google (and some on bsalsa's own forum) complain of being denied access to websites because of the corrupted UA, which can trigger several traps on my own sites.
I don't want to block innocent users, and was considering adding exceptions to various conditions in my .htaccess file. But after scouring my logs I found instances where bsalsa users were requesting only the images on a page (no HTML) which suggests to me that they are not all innocent.
My current thinking is to rewrite any bsalsa HTML requests to an informationial page, but I don't get enough of them to be seriously concerned about and for the moment they just get a 403.
I would be interested to hear how others deal with the bsalsa question.
| 3:16 pm on Sep 14, 2008 (gmt 0)|
I've been watching that bsalsa UA. I do believe a new proxy service called Tynt utilizes bsalsa. I've seen the name used quite a bit when referencing proxy services. I've been reading more lately on the whole proxy thing and that space is ugly, lot's of abuse going on.
| 3:37 pm on Sep 14, 2008 (gmt 0)|
> My current thinking is to rewrite any bsalsa HTML requests to an informational page, but I don't get enough of them to be seriously concerned about and for the moment they just get a 403.
Probably a good idea... Keep it short, with no images or links, tell visitors how to uninstall it (may require some registry work, unfortunately) and that should take care of everybody from innocent visitors to scrapers.
> I've been reading more lately on the whole proxy thing and that space is ugly, lots of abuse going on.
... WebmasterWorld's Understatement of the Year award! :)
| 3:50 pm on Sep 14, 2008 (gmt 0)|
|WebmasterWorld's Understatement of the Year award! |
Hey, it is relevant to the title of this topic!
bsalsa for beginners
| 9:10 pm on Sep 14, 2008 (gmt 0)|
Bsalsa was always blocked for me because of my "http:" filtering in browser addresses and all I'll say is I've seen some rather heated discussions on their forum after installing their software and getting instantly blocked.
| 12:22 am on Sep 15, 2008 (gmt 0)|
I am not suggesting you go soft on it, but I have implemented an intercept to see what happens.
Here is a recent example (unlinked) that looked to me like an innocent human searching:
Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; Sky Broadband; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; TuneUp HTML Client Embedded Web Browser from: http*//bsalsa.com/; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.0.04506; .NET CLR 1.1.4322)
I suppose I should be proud of blocking IE6 and IE7 simultaneously.
This is a similar one (unlinked) that came from a Google IP (66.249.84.nn):
Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; Embedded Web Browser from: http*//bsalsa.com/; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022)
When a request from the 'plex gets a 403 from me I feel it is worth investigating.
On the other hand, this recent example (unlinked) requested images only:
Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; User-agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; http*//bsalsa.com) ; Zango 10.3.74.0)
And this is the referrer that came with it (unlinked and query-obfuscated):
My conclusion is that any innocent human who has this thing installed probably needs help.
But I am not going to lose sleep over it.