bot flood for ~ directories

         

ChefGroovy

12:55 pm on Mar 27, 2007 (gmt 0)

10+ Year Member



I was looking over my log files earlier and in the 404 error section it seems like every few days some yay-hoo does hundreds of checks for like

/~aardvark
/~aadam
/~blah blah
....
/~zzzzt

Always in middle of night, different IP. Maybe not even same guy.

I assume he's fishing for customer directories?

Anyways, I was wondering if there was any way in .htaccess to make ANY request for a "~" directory, since I don't have any, go to a special page.

Thanks
Dan

jdMorgan

1:22 pm on Mar 27, 2007 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



The sequence of URL_paths indicates a simple dictionary attack for user directories on a server using mod_userdir [httpd.apache.org].

What is the server response code for requests of /~ directories? Any 200-OK response may indicate that your server has mod_userdir enabled, and this might affect the solution.

If not, a simple mod_rewrite [httpd.apache.org] rule (assuming you already have other working rules) would likely take care of this problem:


RewriteRule ^~[a-z] - [F]

Jim
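
The check jdMorgan asks for above (which status code the /~ requests actually receive), as an added example that is not part of the original thread. It assumes Apache common/combined log format; the sample log lines, IP addresses and the `summarize_userdir_probes` name are constructed for illustration.

```python
import re
from collections import defaultdict

# Apache common/combined log format: client IP, request line, status code.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:\S+) (\S+)[^"]*" (\d{3}) ')

# Constructed sample lines (documentation IP ranges), not real log data.
SAMPLE_LOG = """\
203.0.113.7 - - [27/Mar/2007:03:12:01 +0000] "GET /~aardvark HTTP/1.1" 404 208
203.0.113.7 - - [27/Mar/2007:03:12:01 +0000] "GET /~aadam HTTP/1.1" 404 208
203.0.113.7 - - [27/Mar/2007:03:12:02 +0000] "GET /~zzzzt HTTP/1.1" 404 208
198.51.100.4 - - [27/Mar/2007:09:30:10 +0000] "GET /index.html HTTP/1.1" 200 5120
198.51.100.9 - - [27/Mar/2007:04:01:44 +0000] "GET /~dan/ HTTP/1.1" 200 1033
"""

def summarize_userdir_probes(lines, min_names=3):
    """Group requests for /~name paths by client IP.

    Returns {ip: {"names": set, "statuses": set, "scan": bool, "served": bool}}.
    "scan" marks clients that tried at least min_names distinct names;
    "served" marks any 2xx answer, the case that suggests mod_userdir is on.
    """
    report = defaultdict(lambda: {"names": set(), "statuses": set()})
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, path, status = m.group(1), m.group(2), int(m.group(3))
        user = re.match(r'^/~([^/?]+)', path)
        if not user:
            continue  # not a user-directory style request
        report[ip]["names"].add(user.group(1).lower())
        report[ip]["statuses"].add(status)
    for entry in report.values():
        entry["scan"] = len(entry["names"]) >= min_names
        entry["served"] = any(200 <= s < 300 for s in entry["statuses"])
    return dict(report)

if __name__ == "__main__":
    for ip, e in summarize_userdir_probes(SAMPLE_LOG.splitlines()).items():
        flags = [f for f in ("scan", "served") if e[f]]
        print(ip, len(e["names"]), "names", sorted(e["statuses"]), flags)
```

Once the RewriteRule is in place, the same summary should show 403 rather than 404 for these paths.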