Mozilla/3.0 (compatible) Again

Forum Moderators: open

Message Too Old, No Replies

Mozilla/3.0 (compatible) Again

Pulling strange urls

jimbeetle

7:42 pm on Apr 10, 2003 (gmt 0)

Thousands and thousands and thousands of hits on the 9th from "Mozilla/3.0 (compatible)" apparently from an ATT Broadband connection. Hammered all day long.

Strangest things is how page requests got corrupted but still resolved okay and return 200s.

/directory/directory/../directory/../../directory/
../directory/../../directory/directory/../../directory/
../directory/directory/../../directory/directory/../
directory

It's a home grown something. Do I take it out by IP (24.130.87.86) or UA?

Jim

jeremy goodrich

7:45 pm on Apr 10, 2003 (gmt 0)

In that instance, I would take it out by IP addy, since some people might still be using mozilla 3.0 :)

jimbeetle

8:03 pm on Apr 10, 2003 (gmt 0)

That's what I thought, but I didn't want to deny a valid ATT Broadband IP altogether.

And this is the Mozilla/3.0 *without* the ";" after compatible. The only other Mozilla/3.0s I've seen are Indy Library (gone) and WebTV. Any other legitimate v3 out there *appears* to be Mozilla/3.01 (compatible;).

Would it be safe to drop this in .htaccess?

SetEnvIfNoCase User-Agent "Mozilla/3.0 (compatible)" keep_out

I think I might bank on the absence of the ; making it okay. I hope.

<added>Oh, and that mocked up url in the first post is all one string. Broke it up to stop horizontal scroll</added>

jeremy goodrich

8:10 pm on Apr 10, 2003 (gmt 0)

Probably safe that way. I used to have ATT Broadband at home, they sold out to ComCast, and I *think* I've got a static IP, so it could be safe to go that way.

But you are right -> the UA is malformed so that will work just fine.

jimbeetle

8:17 pm on Apr 10, 2003 (gmt 0)

Done. As much as I would like 50,000 page views the one guy ate up over a gig of bandwidth yesterday.

Thanks Jeremy,

Jim