Msie 5.5

Msie 5.5 Spam

         

Andrue

3:32 pm on Mar 30, 2003 (gmt 0)

10+ Year Member



I am getting hits with this UA:
Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)

When I whois them I get a lot of Asia Pacific, which SpamCop seems to blacklist as some spammers.

If I block this UA am I going to be blocking legit MSIE 5.5 traffic, or is there no such animal?

carfac

11:22 pm on Mar 30, 2003 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Hi:

Block the IP, not the UA....

Andrue

12:40 am on Mar 31, 2003 (gmt 0)

10+ Year Member



Well, I was wondering about the UA since I am getting a lot of different suspicious IPs that seem to return Asia Pacific or lan.sify info. They all seem to have the same UA though. I was trying to think ahead of them since there are different IPs coming in. But I found a 5.5 with a different ending than Win 98, so I think I will just do the IPs as you suggest as they come in or wait for them to trap themselves.

thank you

wilderness

2:05 am on Mar 31, 2003 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



Andrue
Here's a couple of threads that may help.
It is urgent that you keep in mind that the Oceanic countries (Australia and New Zealand) fall under these APNIC ranges as well.

[webmasterworld.com...]

[webmasterworld.com...]

Don

Andrue

2:41 am on Mar 31, 2003 (gmt 0)

10+ Year Member



Yes, I just realized this was an Australian possibility. I had previously thought it was Singapore perhaps. I took the UA out and left the IPs banned. Shortly after that there was the same UA but looked like a regular user.

I started blocking the UA after the checks on the IPs and then a followup with whois and a check on the IPs in the block list at spamcop.net. The IPs that my redirect blocked showed similar to some other spam IPs.

I will go check your links for info, thank you.

carfac

5:02 am on Mar 31, 2003 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Andrue:

I had another, rather fun idea! If you have root access to httpd.conf, and mod rewrite, you could make up a conditional so that:

if the UA was 5.5 and the IP was a broad range of APNIC IP's, THEN it would block! That would be fun!

dave

Andrue

6:33 pm on Mar 31, 2003 (gmt 0)

10+ Year Member



Well, that sounds a bit beyond my current level; however, I was wondering if there was a way to do a || or && style of if statement in the htaccess for rewrite....

I guess I can probably figure that out on my own since I know I can use [OR] and perhaps figure a way with just that to accomplish a statement that includes a set of 5.5 and APNIC... I think I will just pay more attention to them and see if I can isolate anything that may be spam vs non spam.

I recently set this new domain up and have only been getting a few spam messages, and nothing since I started trapping and encoding the email tags.. However, my old site gets tons of spam. I was hoping to limit it with the new setup.

carfac

4:47 pm on Apr 1, 2003 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



I got to thinking about this- I thought I did something like it.... this is in my httpd.conf:

RewriteCond %{HTTP_REFERER} ^-?$ [NC]
RewriteCond %{HTTP_USER_AGENT} ^-?$ [NC]
RewriteRule .* - [F,L]

Which says if the UA and referer is blank to forbid. I am not sure what the env. variable name for the IP address of the requester is (if someone knows, please chime in!) but you could easily add:

RewriteCond %{ENV_VAR_FOR_IP} IP-BLOCK
RewriteCond %{HTTP_USER_AGENT} MSIE\ 5\.5 [NC]
RewriteRule .* - [F,L]

and that would do it....

dave

PandaM

2:57 am on Apr 2, 2003 (gmt 0)

10+ Year Member



that env. variable name is REMOTE_ADDR

jdMorgan

3:34 am on Apr 2, 2003 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Hey Dave,

Note that with [F], [L] is redundant, as it is with [G].

Andrue,
You can combine the and/or functions, making a list of IP addresses and IP address ranges to be blocked if the UA contains MSIE 5.5.
For this code to function properly, it is critical that the last IP address not be followed by an [OR] flag.


RewriteCond %{REMOTE_ADDR} ^213\.137\.109\.74$ [OR]
RewriteCond %{REMOTE_ADDR} ^213\.181\.64\. [OR]
RewriteCond %{REMOTE_ADDR} ^213\.252\.152\.12$ [OR]
... more ...
RewriteCond %{REMOTE_ADDR} ^212\.123\.45\. [OR]
RewriteCond %{REMOTE_ADDR} ^211\.154\.211\. [OR]
RewriteCond %{REMOTE_ADDR} ^202\.95\.23\.
RewriteCond %{HTTP_USER_AGENT} ^Mozilla/4\.0\ \(compatible\;\ MSIE\ 5\.5\;
RewriteRule .* - [F]

Also, I believe that wilderness' warning about Australia/Oceania was to say, "Make sure you're not blocking our friends down under by blocking too large a segment of the Asia/Pacific IP range." Some countries in that range do a much better job of controlling illicit internet activities, and shouldn't be blocked en masse.

Jim
<edit>modified placement of "... more ..." to clarify carfac's point below.</edit>

[edited by: jdMorgan at 3:52 am (utc) on April 2, 2003]

carfac

3:43 am on Apr 2, 2003 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Jim:

>>Note that with [F], [L] is redundant, as it is with [G].

Oh well.... better safe than sorry. What is [G]? Gone?

Andrue:

Note: you can string together a lot of [OR]'s (and as Jim notes, do NOT [OR] the last one). But if you do not [OR] the SECOND to the last (as in Jim's example), it ORs all of the above and ANDs the last!

So, for a normal list of blocks (for UA or IP), they are typically all [OR]'d. If you wanted to specifically block JUST MSIE 5.5 from a large IP block, as I think you do, that would be a second ANDED block (if IP=XXX AND UA = MSIE 5.5)...

Thoroughly confused?

dave

jdMorgan

4:11 am on Apr 2, 2003 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Yes, [G] is 410-Gone.

The example I posted will block all listed IP addresses, but only if they use the MSIE 5.5 UA, as Andrue desires.

The boolean operator precedence is ( (badIP or badIP or badIP ... or badIP) and (UA=MSIE 5.5) ),
so it blocks any of those IP addresses which are also using the MSIE 5.5 UA.

Jim
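
The [OR]/AND grouping discussed in the posts above, as a small Python model (an added example, not code from any poster or from Apache; `rule_matches`, `build` and `req` are hypothetical names, and the client addresses and second UA string are constructed). It evaluates the posted condition list as written and again with a stray [OR] on the last IP line, which turns the UA test into one more OR alternative.

```python
import re

def rule_matches(conds, request):
    """Model of how a RewriteCond chain is combined (simplified, assumption).

    conds: (variable, pattern, or_next) tuples in file order. Conditions are
    ANDed unless one carries [OR]; a run of [OR] lines plus the first line
    after it without [OR] forms one OR group.
    """
    i = 0
    while i < len(conds):
        var, pattern, or_next = conds[i]
        hit = re.search(pattern, request[var]) is not None
        if or_next:
            if hit:
                # Group satisfied: skip its remaining [OR] lines; the final
                # i += 1 below then steps over the group's closing line.
                while i < len(conds) and conds[i][2]:
                    i += 1
        elif not hit:
            return False  # a failed ANDed condition vetoes the rule
        i += 1
    return True

# Three of the address patterns and the UA pattern posted in the thread
# (Apache's "\ " and "\;" escapes are not needed in a Python regex).
IPS = [r"^213\.181\.64\.", r"^212\.123\.45\.", r"^202\.95\.23\."]
UA = r"^Mozilla/4\.0 \(compatible; MSIE 5\.5;"

def build(or_on_last_ip):
    conds = [("REMOTE_ADDR", p, True) for p in IPS]
    conds[-1] = ("REMOTE_ADDR", IPS[-1], or_on_last_ip)
    return conds + [("HTTP_USER_AGENT", UA, False)]

CORRECT = build(False)  # (ip OR ip OR ip) AND ua
BROKEN = build(True)    # stray [OR] on the last IP: ip OR ip OR ip OR ua

MSIE55 = "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)"
OTHER_UA = "Mozilla/5.0 (constructed sample)"

def req(ip, ua):
    return {"REMOTE_ADDR": ip, "HTTP_USER_AGENT": ua}

if __name__ == "__main__":
    samples = [("213.181.64.10", MSIE55), ("213.181.64.10", OTHER_UA),
               ("198.51.100.7", MSIE55), ("198.51.100.7", OTHER_UA)]  # constructed
    for ip, ua in samples:
        r = req(ip, ua)
        print(ip, ua[:12], rule_matches(CORRECT, r), rule_matches(BROKEN, r))
```

With the stray [OR], an unlisted address using the MSIE 5.5 UA is forbidden, and so is a listed address using any other UA.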

Andrue

11:23 am on Apr 2, 2003 (gmt 0)

10+ Year Member



Not confused, thank you. I understood that the last one didn't need the [OR] but didn't know if you put a bunch there that it would act like an "and". I am a C programmer mainly but am learning CGI. The more advanced htaccess stuff is new to me other than denying and setting the 404 page info.