DTS Agent

error_log shows 86MB of Warning: Truncating oversized username

         

nancyb

4:35 pm on Sep 29, 2003 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



woke up this morning to an error_log that jumped from 1.9 MB to 86MB overnight!

NoteTab Pro let me open this huge file after I downloaded it and I discovered:

Warning: Truncating oversized username
Skipping bad record (1)
...
...
Warning: Truncating oversized username
Skipping bad record (315888)

this is the entry in my access log just before these started occurring:
192.116.134.100 - - [28/Sep/2003:18:54:38 -0400] "GET / HTTP/1.1" 200 27274 "-" "Mozilla/4.0 (compatible; MSIE 5.0; Windows NT; DigExt; DTS Agent"

the damn script or stupid user did this for over an hour from Sep 28 18:54:43 2003 until Sep 28 20:09:26 2003

tech support tells me they can't find any unusual accesses, but I'm wondering if try #315889 might have been successful. I have no open relays and email seems to be ok but I'm still worried.

I've blocked this in htaccess by user agent

RewriteCond %{HTTP_USER_AGENT} DTS\ Agent$ [NC,OR]

should I block by the IP, too?

another hour+ wasted because of obnoxious spam bots *!@@*&%$#@!

BlueSky

2:29 am on Sep 30, 2003 (gmt 0)

10+ Year Member



I would if that happened to me. Looks like DTS Agent is an email extractor [webmasterworld.com...] I think DigExt makes the content available for off-line viewing.

Thanks for posting. I need to add DTS to my ban list too.

coyote

2:45 am on Sep 30, 2003 (gmt 0)

10+ Year Member



Hey Nancy, the rewrite you're planning on using won't work for this one because I tried it myself and still got visits from DTS Agent. I started using the following and have not seen it since.

RewriteCond %{HTTP_USER_AGENT} Mozilla*DTS [OR]

moltar

2:45 am on Sep 30, 2003 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



It could be that someone was guessing your username/password based on dictionary.

MarieC

2:49 am on Sep 30, 2003 (gmt 0)

10+ Year Member



Unreal. I never bothered blocking DTS agent because it never grabbed more than the main page and there are no e-mail addresses on my main page. In this case, I think you should block the IP just because whoever it was might be inclined to come back with another user agent. Actually, I'm going to block it right now.

>I'm wondering if try #315889 might have been successful

There's no way to be sure, but I bet he just gave up.

BlueSky

3:13 am on Sep 30, 2003 (gmt 0)

10+ Year Member



>Hey Nancy, the rewrite you're planning on using won't work for this one because I tried it myself and still got visits from DTS Agent. I started using the following and have not seen it since.

So, he didn't really test this out? I haven't had any luck banning the double word UAs either so I'm going to try wilderness' suggestion of partials which I guess would make it:

RewriteCond %{HTTP_USER_AGENT} ^DTS [OR]

Does anyone know if there is a tool to send fake UA's to a server? I kinda like to test these out on dummy data rather than wait for the real-life bot hitting and find out then it doesn't work.

[edited by: BlueSky at 3:18 am (utc) on Sep. 30, 2003]

pendanticist

3:17 am on Sep 30, 2003 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



RewriteCond %{HTTP_USER_AGENT} DTS\ Agent [NC,OR]

Been working for me.

BlueSky

3:25 am on Sep 30, 2003 (gmt 0)

10+ Year Member



Never mind...I found such a site. Mine above didn't work.

coyote

3:51 am on Sep 30, 2003 (gmt 0)

10+ Year Member



Interesting to know that, Pendanticist. It didn't work for me, nor did my simple ban for Grub work until I added the Mozilla* before it.
What kind of server do you use? Maybe it's just Linux RedHat that's weird with .htaccess because using SetEnvIf blows my whole file - site actually - so I have to use RewriteCond. I also haven't had any problems with banning two word UAs, such as Mail Sweeper.

nancyb

3:59 am on Sep 30, 2003 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



thanks all!

I'm going to use pendanticist's since it worked with wannabr.....r! I also blocked the IP.

yes, I figured it was someone running a script for username/password and tech support said they probably gave up because if #315889 had worked I probably wouldn't have a site or email.

I checked whois.geektools for the IP but since I don't really understand it, should I just block the entire IP range?

I don't want to get up tomorrow morning and find another 86MB waiting or, worse, find they succeeded and I have no site :(

inetnum: 192.116.133.0 - 192.116.137.255
netname: GILAT-SATCOM-BLOCK-38-39-41-42-43
descr: SKY2Net ltd
country: GB
admin-c: AH935-RIPE
tech-c: AH935-RIPE
status: ASSIGNED PA
mnt-by: AS3339-MNT
mnt-lower: AS3339-MNT
changed: hank@att.net.il 20030813
source: RIPE

route: 192.116.128.0/18
descr: ATT-ISRAEL-BLOCK5
origin: AS3339
mnt-by: AS3339-MNT
changed: hank@att.net.il 19991212
source: RIPE

person: Amit Hoomash
address: Gilat Satcom
address: 1651 Old Meadow Rd.
address: Mclean,VA 22102 USA
phone: +972 3 9255000
fax-no: +972 3 9255005
e-mail: amith@gilat.net
nic-hdl: AH935-RIPE
mnt-by: AS3339-MNT
changed: hank@att.net.il 20020410
source: RIPE

pendanticist

4:15 am on Sep 30, 2003 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



>What kind of server do you use?

Apache.

Pendanticist.

wilderness

1:56 pm on Sep 30, 2003 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



>try wilderness' suggestion of partials

RewriteCond %{HTTP_USER_AGENT} Agent$ [OR]

Been most effective for me. This usually ends the UA.

bull

5:20 pm on Sep 30, 2003 (gmt 0)

10+ Year Member



RewriteCond %{HTTP_USER_AGENT} ^DTS [OR]

will not work! The "^" is wrong here as the UA string is
Mozilla/4.0 (compatible; MSIE 5.0; Windows NT; DigExt; DTS Agent

pendanticist's one is better, I use it too.

As I already indicated in an earlier thread on the DTS Agent, this is not necessarily a mail harvester. The original C++ code which is still around is a sample simple http class for win32 (I use it too - but changed the UA ;-)

nancyb

5:47 pm on Sep 30, 2003 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



the nasty little bugger came back three more times last night, about 3 hours apart each return. pendanticist's code worked! :)

pendanticist

6:02 pm on Sep 30, 2003 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Whoaaa Nelly!

Thank jdMorgan. I'm not that smart.

:)

Pendanticist.

wilderness

6:40 pm on Sep 30, 2003 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



>will not work! The "^" is wrong here as the UA string is Mozilla/4.0 (compatible; MSIE 5.0; Windows NT; DigExt; DTS Agent

Bull
Use of "^" signifies "begins" with, Use of "$" signifies "ends" with.

This UA begins with the word Mozilla and ends with the word Agent.

The method you use apparently is supposed to work regardless of location. I've had it fail though and use it very sparingly.

bull

7:59 pm on Sep 30, 2003 (gmt 0)

10+ Year Member



>Bull
>Use of "^" signifies "begins" with, Use of "$" signifies "ends" with.

Yes.- Therefore

RewriteCond %{HTTP_USER_AGENT} ^DTS [OR]

will not work for ua string
Mozilla/4.0 (compatible; MSIE 5.0; Windows NT; DigExt; DTS Agent

as this does not start with DTS, as I wrote in my previous post.

Hope I get and got everything right? Tired.

BlueSky

1:25 am on Oct 2, 2003 (gmt 0)

10+ Year Member



Cop me a break bull, all this rewriting stuff is new to me. I'll get it eventually. Heaven knows there's enough bots out there to practice on. pendanticist's and coyote's versions though didn't work either on mine. Until I can get the techs to look at the server settings, I'll stick with wilderness' partials since they do work. Thanks again wilderness -- that one does work for me.

coyote

3:04 am on Oct 3, 2003 (gmt 0)

10+ Year Member



Just noticed that I mis-typed the rewrite I posted before.

C&P'd from my .htaccess:

RewriteCond %{HTTP_USER_AGENT} ^Mozilla.*DTS [OR]
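
Added example, not part of any post in this thread: an offline check of each RewriteCond pattern posted above against the logged DTS Agent user agent, plus two benign user agents constructed here to expose false positives. It assumes Python's `re` behaves like Apache's regex engine for these simple patterns, and it tests the pattern only, not whether mod_rewrite is active or how the rules are ordered on a given server.

```python
import re

# UA string exactly as it appears in the access log quoted in the first post
# (it has no closing parenthesis).
DTS_UA = "Mozilla/4.0 (compatible; MSIE 5.0; Windows NT; DigExt; DTS Agent"

# Benign user agents constructed for this example, to check for false positives.
BENIGN_UAS = [
    "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)",
    "Mozilla/5.0 (X11; Linux i686) ExampleFeedReader Agent",
]

# (pattern, flags) as posted in the thread. [OR] only chains conditions;
# [NC] makes the match case-insensitive.
THREAD_CONDS = [
    (r"DTS\ Agent$", "NC,OR"),
    (r"Mozilla*DTS", "OR"),
    (r"^DTS", "OR"),
    (r"DTS\ Agent", "NC,OR"),
    (r"Agent$", "OR"),
    (r"^Mozilla.*DTS", "OR"),
]


def cond_matches(pattern, flags, ua):
    """RewriteCond patterns are unanchored unless they use ^ or $."""
    re_flags = re.IGNORECASE if "NC" in flags.split(",") else 0
    return re.search(pattern, ua, re_flags) is not None


def evaluate(ua):
    """Map each posted pattern to whether it matches the given UA."""
    return {p: cond_matches(p, f, ua) for p, f in THREAD_CONDS}


def false_positives():
    """Map each posted pattern to the benign UAs it would also block."""
    return {p: [ua for ua in BENIGN_UAS if cond_matches(p, f, ua)]
            for p, f in THREAD_CONDS}


if __name__ == "__main__":
    for pattern, hit in evaluate(DTS_UA).items():
        print(f"{pattern:20} blocks DTS Agent: {hit}")
    for pattern, uas in false_positives().items():
        if uas:
            print(f"{pattern:20} also blocks: {uas}")
```

To exercise the deployed rule rather than the pattern alone, send the same string to your own server with `curl -A "<UA string>" -I <your site URL>` and check the response status.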