I had a crapload of comment spam hit my blog today. And by crapload, I mean Oprah on a bender crapload.
So I started looking through the server log files and noticed a few patterns. Four different browser user agents were showing up on these spam entries.
So I nuked them in my .htaccess file with the following bit of code.
########## Block Old Browsers used in Facebook spam assault, 2013.04.10 ##########
RewriteEngine On
RewriteBase /
# Firefox 3.0.5, 3.0.10, shows up repeatedly
RewriteCond %{HTTP_USER_AGENT} ^.*(?:Firefox/3\.0\.10).*$ [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^.*(?:Firefox/3\.0\.5).*$ [NC,OR]
# Opera 8.01, shows up repeatedly
RewriteCond %{HTTP_USER_AGENT} ^.*(?:Opera/8).*$ [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^.*(?:Opera\s8).*$ [NC,OR]
# MSIE 6.0, shows up repeatedly
RewriteCond %{HTTP_USER_AGENT} ^.*(?:MSIE\s6).*$ [NC]
RewriteRule .* - [L,R=404]
I’m sure my regex is horrible. But it works. And I am returning a 404 instead of a 403, because with the 404 they will think the resource is no longer there.
Of course, this will just work until the script kiddies change the user agent. But they tend to be pretty lazy.
I’ll have to analyze the logs a bit more when I get the chance. It’s an interesting attack coming from random IP addresses. Which means more people aren’t using protection. On their computers.
I posted this just in case anyone else is having this problem.
Off to bed I go. Long day. Before I even noticed this mess.
Until next time...
I so admire guys like you who know all this code and how to use it. It’s totally beyond me, which I realize is generational — my generation did not grow up with computers and didn’t absorb their protocols along with our earliest experiences and lessons. I’ve made a lot of progress over the years and and can operate on the web with some confidence but in real terms I’m just a rank beginner.
I’d say I know just enough to be… a danger to myself. 😉
I recognized some of those words in there. Like crapload. But that was it. 🙂
We both speak 0 and 1, but in different forms.