Forum Moderators: open
I looked at their website but being technically challenged I am still in the dark as to what it is for.
Their forum only served to reinforce my opinion that, whatever else it may be, it is buggy as hell.
My current best guess is that it is a free component that may be included in "cottage industry" software to aid with things like automatic updates, and that it often corrupts the Internet Explorer user-agent string in the Windows registry by accident because it is not very good.
Googling brings up a lot of people who don't recall installing it and can't get rid of it.
Any enlightenment in plain English would be appreciated.
...
I also did a bit of searching and saw one report that associated it with malware, but again, it's like Indy Library or libwww-PERL or LWP:Trivial -- It's just a library of functions and in and of itself is neither good nor evil.
Jim
My concern is to allow all human visitors. I get the feeling that people are installing bsalsa unwittingly as a component of some other freeware utility, with unintended consequences.
It seems that in some cases they end up with preposterous corrupted user-agents that can be very long, might contain the word "Mozilla" more than once, might start with the prefix "User-Agent", and almost always contain an "http:" link to the bsalsa homepage.
Several of the posts I found via Google (and some on bsalsa's own forum) complain of being denied access to websites because of the corrupted UA, which can trigger several traps on my own sites.
I don't want to block innocent users, and was considering adding exceptions to various conditions in my .htaccess file. But after scouring my logs I found instances where bsalsa users were requesting only the images on a page (no HTML) which suggests to me that they are not all innocent.
My current thinking is to rewrite any bsalsa HTML requests to an informationial page, but I don't get enough of them to be seriously concerned about and for the moment they just get a 403.
I would be interested to hear how others deal with the bsalsa question.
...
Probably a good idea... Keep it short, with no images or links, tell visitors how to uninstall it (may require some registry work, unfortunately) and that should take care of everybody from innocent visitors to scrapers.
> I've been reading more lately on the whole proxy thing and that space is ugly, lots of abuse going on.
... WebmasterWorld's Understatement of the Year award! :)
Jim
WebmasterWorld's Understatement of the Year award!
Hey, it is relevant to the title of this topic!
bsalsa for beginners
:)
Here is a recent example (unlinked) that looked to me like an innocent human searching:
Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; Sky Broadband; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; TuneUp HTML Client Embedded Web Browser from: http*//bsalsa.com/; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.0.04506; .NET CLR 1.1.4322)
I suppose I should be proud of blocking IE6 and IE7 simultaneously.
This is a similar one (unlinked) that came from a Google IP (66.249.84.nn):
Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; Embedded Web Browser from: http*//bsalsa.com/; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022)
When a request from the 'plex gets a 403 from me I feel it is worth investigating.
On the other hand, this recent example (unlinked) requested images only:
Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; User-agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; http*//bsalsa.com) ; Zango 10.3.74.0)
And this is the referrer that came with it (unlinked and query-obfuscated):
http*//127.0.0.1:4664/preview?event_id=157138&schema_id=2&q=*obfuscated*&s=000000000000000000000000000
My conclusion is that any innocent human who has this thing installed probably needs help.
But I am not going to lose sleep over it.
--
