[wp-hackers] Trackback Spam

Peter Westwood peter.westwood at ftwr.co.uk
Tue Feb 1 21:44:30 GMT 2005 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Tue, February 1, 2005 7:40 pm, Mark Jaquith said:
> Mark Wubben wrote:
>
>>Isn't trackback spam fire and forget? If so... those fancy redirects won't help :)
>>_______________________________________________
>
> Spam Karma has blocked all of them for me.  But I got tired of the notifications, so I put this in .htaccess
>
> It blocks the spammer's User Agent from posting (the first User Agent is that spammer that struck last month, before
Spam Karma was updated to filter Trackbacks.)
>
>> # TB Spammer Blocks
>> SetEnvIfNoCase User-Agent "Mozilla/4\.0 \(compatible; MSIE 5\.5; Windows 98; Win 9x 4\.90\)" bad_bot
>> SetEnvIfNoCase User-Agent "Mozilla/4\.0 \(compatible; MSIE 6\.0; Windows NT 5\.2; \.NET CLR 1\.1\.4322\)" bad_bot
>> <Limit POST>
>> Order Allow,Deny
>> Allow from all
>> Deny from env=bad_bot
>> </Limit>
>
> Note that if any legitimate users have this User Agent, they won't be able to post comments.  I'm not too worried
about the MSIE 5.5 Windows 98 one, but the MSIE 6.0 one could block some legit users.  My IE User Agent is:
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322) which only varies in the Windows version
and "SV1."  So be warned.
>
> Personally, I don't care... I already put up a pretty big "USE ANOTHER BROWSER" warning to them anyway.
>

The NT5.2 Case should be fairly safe as NT5.2 == Windows 2003 which is a Server OS only and the SV1 bit was todo with
XP SP2 fixes.

Of interest the following other unusualUserAgents seem to show up a lot in the comment spam:

Mozilla/3.0 (compatible; Indy Library)
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 4.0; PCUser)

The first is I believe some Delphi code using a freely available library

Cheers

Peter
- --
Peter Westwood
Blog: http://www.ftwr.co.uk/blog/
Get Firefox: http://www.spreadfirefox.com/?q=affiliates&id=20287





-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)

iD8DBQFB//g+VPRdzag0AcURAnUUAKDHvmRgN+I3TKsTC4lWnELjxIGE6QCeNEoG
1eMqLiv55C6ZZkFzD8AaFBs=
=r6wd
-----END PGP SIGNATURE-----

More information about the hackers mailing list