Ending Sirseek log spam

banning the referrer in htaccess

         

Hobbs

2:33 pm on Apr 22, 2008 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



Which one of the below would take care of referrer log spam:

SetEnvIfNoCase Referer sirseek bad_bot

or more generic:
SetEnvIfNoCase Referer window\.location bad_bot

or go for both?

and is it fine to just place it among my 'SetEnvIfNoCase User-Agent' lines in htaccess?

I do understand it is coming from malware infected visitor machines btw.

wilderness

4:25 pm on Apr 22, 2008 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



Hey Hobbs,
the use of either or both lines is dependent upon what you're seeing.

There's no order of precedence when placing these lines; however, I group them together alphabetically (different categories) for more accurate reference.

Hopefully you realize that these lines are not going to remove the entries from your visitor logs? The referrers will still be there for your eyes!
Rather, the spammer will receive a 403, rather than a 200.

Don

Hobbs

6:14 pm on Apr 22, 2008 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



What you see in the referrer is:
<SCRIPT>window.location='http://www.sirseek.com'</script>

Perhaps a better strategy would be to block <SCRIPT>
SetEnvIfNoCase Referer \<SCRIPT\> ?

Yes, I realized after posting that it will not stop the log spamming. Is there an apf firewall shell command that can block by referrer?

jdMorgan

6:48 pm on Apr 22, 2008 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



The danger with this thing is that it can infect *your computer* if you view your 'stats' using a browser, or anything that would interpret and execute that <script> statement.

It would be best to block these requests at the firewall of your server, so that they don't ever reach your server and get logged. But if you can't do that, then block the domain in your own PC's firewall, or add a 'hosts' file entry to map that domain to localhost (127.0.0.1) so your PC will never request it from the Web.

Jim
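
An added example, not written by any poster in this thread: the `SetEnvIfNoCase` patterns discussed above wired to a 403 and, for the point that the entries still reach the log, to Apache's conditional logging. The document root, the log file names and the `combined` log format nickname (which must already be defined with `LogFormat`) are assumptions.

```apache
# Added example (not from the thread). bad_bot and the two patterns are the
# posters'; the directory path and log file names are placeholders.

# 1. Flag the request. Either pattern sets bad_bot; matching is
#    case-insensitive, so "<SCRIPT>" and "<script>" both hit.
SetEnvIfNoCase Referer "sirseek" bad_bot
SetEnvIfNoCase Referer "<script" bad_bot

# 2. Refuse flagged requests with 403 (Apache 2.4 syntax).
<Directory "/var/www/example">
    <RequireAll>
        Require all granted
        Require not env bad_bot
    </RequireAll>
</Directory>

# Apache 2.2 equivalent of step 2:
#   Order Allow,Deny
#   Allow from all
#   Deny from env=bad_bot

# 3. Keep flagged requests out of the log that stats tools read, and send
#    them to a separate file meant to be read as plain text only.
#    CustomLog is valid in server or virtual-host config, not in .htaccess.
CustomLog "logs/access_log" combined env=!bad_bot
CustomLog "logs/referer_spam_log" combined env=bad_bot
```

Steps 1 and 2 can also go in .htaccess without the `<Directory>` wrapper, provided `AllowOverride` permits `FileInfo` for `SetEnvIfNoCase` and `AuthConfig` for `Require` (`Limit` for the 2.2 directives). Step 3 has to live in the server or virtual-host configuration.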