Forum Moderators: open
Is anyone else seeing increasing numbers of visits from UAs with a space preceding a semi-colon? That used to be a sure-fire pattern for misconfigured bots and I'm wondering if it still is, or just what it is.
Most are MSIE 7.0, but not all. And the pattern doesn't always follow "SV1)". I'm not sure if I can get the pattern to replicate here, but there should be spaces before and after the red semi-colons:
Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)[b] [red];[/red] [/b].NET CLR 1.0.3705; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; Media Center PC 2.8)
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)[b] [red];[/red] [/b]tmweb)
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; yplus 5.1.04b)[b] [red];[/red] [/b].NET CLR 1.1.4322)
I rewrite the space-pre-semi-colon UAs so I don't have more hit data. Anyone?
Did they all come in more or less at the same time? If so it's more likely to be a bot, I would have thought.
Hmm. Maybe I should opt for a belt-and-suspenders approach and add:
RewriteCond %{HTTP_USER_AGENT} ^Mozilla.*Mozilla
: )
This is the UA of my IE7 I have at the moment:
Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; .NET CLR 3.0.04506.648)
I think it went south after allllllll........... AVG tests i've done..
You could allow messed-up-by-AVG/LinkScanner UAs with:
RewriteCond %{HTTP_USER_AGENT} !SV1[);]
RewriteCond %{HTTP_USER_AGENT} ^Mozilla[^;]+;\ Mozilla
RewriteRule .* - [F]
Yes, I would believe something like AVG has killed it.
Has anyone got a similar example for Firefox/Gecko or Opera? Or doesn't this happen on the better class of browser? :)
