An idea

gregexp · Posted: Fri Apr 06, 2007 11:18 am

You know, I've been thinking about this, what do you all think about allowing useragents only, Like get a standard list of user agents, like explorer, firefox and what not as well as search engines.

Then using .htaccess, only allowing standard users-agents and search engines?

Reason I say this, In my time away, I've had to research a LOT of security issues with web based applications. One thing I remember reading from a lot of different sources is that hackers will use a program, ussually a legit one, like Acunetix Web vulnerability scanner, These tools can scan the entire directory of a website and after testing a few, Acunetix seems to be the most aggresively accurate one, but also seems to disregard anything other then .htaccess which simply kills it in its tracks. So to recap, only allowing legitimate user agents and search engine agents we want, could help prevent the intrusion of hackers against legitimate web applications that could be used to harm a site or entire system.

kguske · Site Admin Joined: Jun 04, 2004 Posts: 4624

One problem with that approach - really more of a limiting factor - is that user agents can be spoofed.

kguske · Site Admin Joined: Jun 04, 2004 Posts: 4624

But...a honeypot approach could make it effective...

gregexp · Posted: Fri Apr 06, 2007 2:44 pm

honeypot?
hmmm.

I was thinking that limiting yes, and it would need to probably be continually updated, which could be a security threat in itself.

I guess this idea isnt a bad one, but could use some more insight.

Guardian2003 · Posted: Fri Apr 06, 2007 2:51 pm

The idea of honeypots is basically a link in robots.txt which a bot is told to ignore. When it tries to access the link its referer data is recorded.
The same could be ised within a directory structure where an extra file is added inside the directory which is not linked to anything. If the link is found, someone will try to access it......

gregexp · Posted: Fri Apr 06, 2007 3:05 pm

nice, they call that honeypot?

Well I suppose it works, but if this were people we'd call it entrapment!!

:evil laugh:
I may not be able to do it to a real person but common bots, Imma get you!! lol

sounds like a workable idea.
Thanks for the input.

Guardian2003 · Posted: Fri Apr 06, 2007 4:41 pm

A very simple thing I did last year because of new bots was to place a link in robots.txt i.e. disallow: /theurlhere.html
The link was actually an a known exploit path that would trip Sentinel haha.

persona_non_grata · Joined: Posts: 0

lol...thats sneaky guardian... killing me

Susann · Posted: Fri Apr 06, 2007 6:04 pm

Darklord nice idea but generally that doesn´t work because every idiot can change the user agent.htaccess is power and I´m sure you can use there easily rules for search engines, Ips etc.. I added one user agent into the nuke sentinel blocker, because thats a user agent which was often used by turkish hackers.
And that did the trick. Of course I don´t tell anyone whats the name of this UA.

montego · Posted: Sat Apr 07, 2007 8:40 am

Guardian2003 wrote:

A very simple thing I did last year because of new bots was to place a link in robots.txt i.e. disallow: /theurlhere.html
The link was actually an a known exploit path that would trip Sentinel haha.

Just a side note, it is funny that I have this in place, and no bot has ever gotten banned. If you are finding this banning bots on your site, then I must not have it right.. Sad