Welcome to WebmasterWorld Guest from 35.173.48.224

Forum Moderators: Ocean10000 & phranque

Message Too Old, No Replies

Mod Rewrite Question

Need to ban based on UA and IP

     
10:31 pm on Dec 17, 2003 (gmt 0)

Full Member

10+ Year Member

joined:July 24, 2002
posts:291
votes: 0


I have a user (read:competitor) that finds it great fun to come to our forum and spend all his time either spamming or copying our information for his own uses. I banned his static IP Address, but now he has access to a dial up, which have dynamic IP's. I want to ban this user via .htaccess.

What i'm thinking is a double if-then type thing. So, if IP address is 55.55.* AND UA: = (something), 403.

Is this possible? His UA is kind of unique, so I don't think that with the combination of that and the IP, that I would be banning very many people by doing this.

What do you think?

I know he can get around it, but frankly I think he's luckier than smart.

Also, I know I can have people get authorization before they can post, but I don't want to go that route. Also, I want him to not see anything either, since he tries to copy our content.

Since I am a novice at Mod Rewrite, could someone help me out here?

Thanks!

10:41 pm on Dec 17, 2003 (gmt 0)

Senior Member

WebmasterWorld Senior Member jdmorgan is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Mar 31, 2002
posts:25430
votes: 0


What's the user-agent?

You'll need to put up a custom 403-page with a message explaining that access has been denied. This language needs to be apologetic, in case you *do* ban an innocent visitor.

Advice? Yes -- Figure out what approach will work first, and then get into the implementation details. And do keep a log of the IP addresses this person uses. Even dial-up usually uses a fairly-restricted IP address range, because local modem bank are assigned chunks of addresses out of the full range that the company owns.

Jim

10:51 pm on Dec 17, 2003 (gmt 0)

Preferred Member

10+ Year Member

joined:June 16, 2003
posts:633
votes: 0


Or you could :

A) Send him to a page where you pretty much tell him that you know what he's doing, etc

B) 301 him to his own site

C) Send him to [loc.gov...] (The PDF that contains the Digital Millennium Copyright Act of 1998)

Now... the only real problem I see with banning his IP is that he can use a proxy. There are ways to check if the user is using a proxy, and the user's true IP address (there's a PHP solution that I use, which you can sticky me for if you want it). Or, if you don't care about attracting new visitors, ban everyone with the same ISP as his. But, I think the best way to go about it is to ban his user agent, since you mentioned that his user agent is rather unique.

11:27 pm on Dec 17, 2003 (gmt 0)

Full Member

10+ Year Member

joined:July 24, 2002
posts:291
votes: 0


JdMorgan-
What's the user-agent?

Mozilla/4.0 (compatible; MSIE 6.0; Windows 98; Toshiba Corporation)

I know there are certainly many more than just him using it, but I have gone over our logs for the last two months, and he's the only one we've gotten. Plus, I was thinking if we combine that with a partial IP, that would reduce the likelihood even farther.

JdMorgan-

This language needs to be apologetic, in case you *do* ban an innocent visitor.

Exactly, will definitely do this.

Panic-

A) Send him to a page where you pretty much tell him that you know what he's doing, etc

B) 301 him to his own site

C) Send him to [loc.gov...] (The PDF that contains the Digital Millennium Copyright Act of 1998)

Those are great ideas! I'll look into those too!

I have already set up a page that only he knows about, so that I can keep track of which IP addresses he uses.

Another idea that I thought of, maybe put a cookie on his computer from that page that I could check for? I know he could delete his cookies, but he won't have any idea why he is being banned.

Which do you think is better?

If the htaccess, anyone know how to accomplish this?

Thanks!

9:54 pm on Dec 18, 2003 (gmt 0)

Full Member

10+ Year Member

joined:July 24, 2002
posts:291
votes: 0


<cough> ;-)
10:32 pm on Dec 18, 2003 (gmt 0)

Senior Member

WebmasterWorld Senior Member jdmorgan is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Mar 31, 2002
posts:25430
votes: 0


<cough> : Forum Charter [webmasterworld.com] (Last line)

Introduction to mod_rewrite [webmasterworld.com]

relevant site search [google.com] ;)

You'll need a script to handle cookie checking, though.

Jim

11:13 pm on Dec 18, 2003 (gmt 0)

Full Member

10+ Year Member

joined:July 24, 2002
posts:291
votes: 0


Forum Charter (Last line)

Well lookey there! ;)

Sorry about that, thanks for the links!

12:14 am on Dec 19, 2003 (gmt 0)

Full Member

10+ Year Member

joined:July 24, 2002
posts:291
votes: 0


Okay, took a look through everything I could find...Would this work?

RewriteEngine on
RewriteCond %{HTTP_user_agent} Mozilla/4.0 (compatible; MSIE 6.0; Windows 98; Toshiba Corporation)
RewriteCond %{REMOTE_ADDR} ^55\.55\.*$
rewriterule!(403\.html¦404\.html) - [F,L]

This is the first one i've written, so am I on the right track? Syntax okay?

With the IP, I changed the #'s obviously, and what i'm wanting to do is to ban anything that has the first two, no matter what the last two are...

Thanks for the help!

1:07 am on Dec 19, 2003 (gmt 0)

Senior Member

WebmasterWorld Senior Member jdmorgan is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Mar 31, 2002
posts:25430
votes: 0


Oops! Forgot an important link! You'll need to 'escape' the special characters (such as the spaces and "(" etc. in that user-agent string. Also, since you've captured the entire string, you can/should "anchor" it.

Explained: [etext.lib.virginia.edu...]

(But you're doing well so far) :)

Jim

4:03 pm on Dec 23, 2003 (gmt 0)

Full Member

10+ Year Member

joined:May 5, 2003
posts:319
votes: 0


Neo541 wrote:

RewriteCond %{HTTP_user_agent} Mozilla/4.0 (compatible; MSIE 6.0; Windows 98; Toshiba Corporation)

As Jim mentioned, you must escape all spaces, periods, and parenthesis, or you will get server 500 errors.
ex:

RewriteCond %{HTTP_user_agent} ^Mozilla/4\.0\ \(compatible;\ MSIE\ 6\.0;\ Windows\ 98;\ Toshiba\ Corporation\)$ [NC]