| Author |
Message |
djmaze
Subject Matter Expert
Joined: May 15, 2004
Posts: 727
Location: http://tinyurl.com/5z8dmv
|
 Posted:
Sat Jan 14, 2006 9:42 pm |
|
I've wrote a new security system for Dragonfly that detects flooding, referer spam, bots, bad user-agents and more...
Due to that some things triggered my mind and i started to investigate and these are some results:
1. Russian referer spambot changes IP on each call
2. Google doesn't obey Crawl-delay in robots.txt
3. Medusa browser is a website harvester
4. Some bad bots identify as a normal browser and the most famous string is
Code:Mozilla/4.0 (compatible; MSIE 6.0; Win32)
|
But there doesn't exists such thing as 'Win32' it's either 'Windows 95/98/ME' or 'Windows NT 5.0/5.1'
By putting the protection in place my anonymous visitor counts dropped from 200+ to 5+
Hereby i warn you all not to get fooled by your visitor counts in php-nuke and if you see excessive resource usage add a flood protector. |
_________________
$ mount /dev/spoon /eat/fun auto,overclock 0 1
ERROR: there is no spoon
http://claimedavatar.net/
Last edited by djmaze on Sat Jan 14, 2006 10:15 pm; edited 1 time in total |
|
 
|
|
hitwalker
Sells PC To Pay For Divorce
Joined:
Posts: 5661
|
| Posted:
Sat Jan 14, 2006 10:02 pm |
|
Win32 is the Windows API on Microsoft Windows 9X, NT, and 2000.
Okay and API means:Application Program Interface. A good API provides a group of routines, protocols and tools that programmers use to develop a program with greater ease. By doing so, an API provides consistency across applications by providing the same basic tools for all programmers to use. Operating systems such as Windows NT have an API, as do most popular web servers. (Also see Win32, WSAPI, ISAPI and NSAPI )
lol |
| |
|
|
|
|
djmaze
|
| Posted:
Sat Jan 14, 2006 10:15 pm |
|
duh i know that but did you find a IE browser that identifies as Win32 ?
I didn't talk about apps i talked about ua's  |
| |
|
|
|
|
hitwalker
|
| Posted:
Sun Jan 15, 2006 5:25 am |
|
|
|
|
|
djmaze
|
| Posted:
Sun Jan 15, 2006 10:40 am |
|
I know that also, i use those commands often in C++ apps that i write.
But it doesn't explain why many japanese bots use 'Win32'  |
| |
|
|
|
|
Raven
Site Admin/Owner
Joined: Aug 27, 2002
Posts: 17088
|
| Posted:
Sun Jan 15, 2006 10:53 am |
|
djmaze,
Would you be willing to share that code for public use? |
| |
|
|
|
|
djmaze
|
| Posted:
Sun Jan 15, 2006 6:37 pm |
|
|
|
|
|
djmaze
|
| Posted:
Wed Jan 18, 2006 11:25 am |
|
Raven
Do you get it or is it still a lot of the unknown? |
| |
|
|
|
|
Raven
|
| Posted:
Wed Jan 18, 2006 2:13 pm |
|
djmaze, sorry for not getting back to you on this. I have this on my list of things to look at as soon as I get time. Thanks for posting it! |
| |
|
|
|
|
|
|
![[Valid RSS]](https://www.ravenphpscripts.com/images/valid-rss.png "Validate my RSS feed"){kind=small}
