Welcome to WebmasterWorld Guest from 54.144.79.200

Forum Moderators: Ocean10000 & incrediBILL

Message Too Old, No Replies

Is this a valid user agent? and how do I block it?

Is this a valid user agent? and how do I block it?

     

spiritualseo

2:52 pm on Jan 7, 2012 (gmt 0)

5+ Year Member



Hey guys, is this a valid user agent?

Mozilla/5.0 (X11; U; Linux i686; it-IT; rv:1.9.0.2) Gecko/2008092313 Ubuntu/9.25 (jaunty) Firefox/3.8

Have been getting a lot of referral spam mainly from #*$! websites from the above user agent. If this is invalid, any help on how I can block this in htaccess? Thank you!

keyplyr

7:17 pm on Jan 7, 2012 (gmt 0)

WebmasterWorld Senior Member keyplyr is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



The UA is common. Block by IP address.

dstiles

10:41 pm on Jan 7, 2012 (gmt 0)

WebmasterWorld Senior Member dstiles is a WebmasterWorld Top Contributor of All Time 5+ Year Member



Jaunty is out of date now - I'm running 10.04 Lucid, which is also being slowly phased out.

I would be wary of the term Ubuntu/9.25. Ubuntu versions are either n.04 or n.10 - Jaunty is 9.04. A search for Ubuntu/9.25 does not produce many results and at least one of those says "forge your UA".

On Lucid I'm currently running firefox 9.1. Ubuntu seemed to be pushing 3.6 until a few months ago - I went straight from 3.6 to 7.something. Can't say I've heard of 3.8 for Ubuntu.

tangor

10:56 pm on Jan 7, 2012 (gmt 0)

WebmasterWorld Senior Member tangor is a WebmasterWorld Top Contributor of All Time 5+ Year Member Top Contributors Of The Month



Sometimes we address the referer, too. Particularly with pron sites... there's aren't that many "words" to deal with. :)

spiritualseo

7:48 pm on Jan 8, 2012 (gmt 0)

5+ Year Member



So would it be safe to block Ubuntu/9.25? Will something like this work:

RewriteCond %{HTTP_USER_AGENT} Ubuntu\ 9.25

dstiles

9:26 pm on Jan 8, 2012 (gmt 0)

WebmasterWorld Senior Member dstiles is a WebmasterWorld Top Contributor of All Time 5+ Year Member



I would check previous logs and do a bit of research to be sure about blocking it.

As to the rewrite - can't help there, I'm afraid: I don't run htaccess.

lucy24

10:36 pm on Jan 8, 2012 (gmt 0)

WebmasterWorld Senior Member lucy24 is a WebmasterWorld Top Contributor of All Time Top Contributors Of The Month



So would it be safe to block Ubuntu/9.25? Will something like this work:

RewriteCond %{HTTP_USER_AGENT} Ubuntu\ 9.25


You've correctly escaped the literal space, but you also need to escape the literal period. Unless you're expecting visits from "Ubuntu 9425" or "Ubuntu 9a25" or even "Ubuntu 9 25" and want to block those too. Which, come to think of it, wouldn't do any harm. But an unescaped period can lead to unwanted consequences, so it's best to stay in the habit.

And then, ahem, you need a Rule to go with the Cond ;)

spiritualseo

5:35 pm on Jan 9, 2012 (gmt 0)

5+ Year Member



I did check the previous months logs and nearly all traffic from this agent is spam. Successfully blocked this using the following:

RewriteCond %{HTTP_USER_AGENT} Ubuntu\/9\.25 [NC]
RewriteRule .* - [F,L]

keyplyr

6:44 pm on Jan 9, 2012 (gmt 0)

WebmasterWorld Senior Member keyplyr is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



Just a FYI

RewriteRule .* - [F,L]


"F" means final and "L" means last, so in effect you are saying the same thing twice. Won't hurt, but a more succinct way of writing this would be:

RewriteRule .* - [F]

lucy24

12:25 am on Jan 10, 2012 (gmt 0)

WebmasterWorld Senior Member lucy24 is a WebmasterWorld Top Contributor of All Time Top Contributors Of The Month



[F] doesn't mean Final, it means Forbidden (think "Fail")-- like Deny from. It's one of a handful of flags that carries an implied [L]. But it's a good habit to include [L] with each separate RewriteRule unless you've got a specific reason to exclude it, so you never leave it out by accident.

In Apache you don't escape / slashes. You're thinking of javascript. Or was that a typo for the same escaped space as before?

keyplyr

2:04 am on Jan 10, 2012 (gmt 0)

WebmasterWorld Senior Member keyplyr is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



[F] doesn't mean Final, it means Forbidden
Oh yeah, my bad. Since I only write regex that forbids something I guess I see it as final if there are no more rules. However, I never use both F and L and consider it redundant.

In Apache you don't escape / slashes. You're thinking of javascript. Or was that a typo for the same escaped space as before?

No need to escape forward URL slashes in JS either.

lucy24

4:59 am on Jan 10, 2012 (gmt 0)

WebmasterWorld Senior Member lucy24 is a WebmasterWorld Top Contributor of All Time Top Contributors Of The Month



:) Except in Regular Expressions, because the slashes are what demarcates them.
 

Featured Threads

Hot Threads This Week

Hot Threads This Month