still getting libwww-perl

Posted: Mon Nov 13, 2006 4:11 pm

stlill getting libwww-perl filter - abuse.....

I have the rewrite setup as follows in .htaccess

RewriteEngine on

RewriteCond %{HTTP_USER_AGENT} ^libwww-perl
RewriteRule ^.*$ - [L]

RewriteEngine off

The abuse is reported to my email and the IP blocked - I thought the above would actually stop the user agent from access the site

thus stoping the 50 or so emails I just recieved ....

Involved Joined: Jul 15, 2004 Posts: 252 Location: OKC, OK

I am no guru on rewrite but "RewriteRule ^.*$ - [L] " If I understand correctly is more or less telling the server not to do anything at all. So they would passthrough and then get picked up by Nuke Sentinel.

try "RewriteRule ^.*$ http://127.0.0.1 [R,L]"

registered · Posted: Tue Nov 14, 2006 6:53 am

Tao_Man, bingo! That is what I use as well. I had changed mine to the original post above and started getting these again.

Posted: Tue Nov 14, 2006 1:19 pm

Nope - It's still letting libwww-perl through - at least it's still reporting filter abuse- had another 55 in morning.

all the same filter/abuse scripts just changing IP's

*where exaclty* should I have the statements in my .htacesss - perhaps thats making the differeence.

This is what I have at the moment

***********************************
# -------------------------------------------
# Start of NukeSentinel(tm) admin.php Auth
# -------------------------------------------
#<Files .ftaccess>
# deny from all
#</Files>

#<Files .staccess>
# deny from all
#</Files>

#<Files admin.php>
# <Limit GET POST PUT>
# require valid-user
# </Limit>
# AuthName "Restricted"
# AuthType Basic
# AuthUserFile http://www.verticalresource.org/.staccess
#</Files>

RewriteEngine on

RewriteCond %{HTTP_USER_AGENT} ^libwww-perl
RewriteRule ^.*$ http://127.0.0.1 [R,L]

RewriteEngine off

# -------------------------------------------
# Start of NukeSentinel(tm) DENY FROM area
# -------------------------------------------

deny from 80.108.148.223
deny from 80.108.148.223
deny from 83.149.113.150
deny from 81.0.149.43 ETC
*****************************************

registered · Posted: Tue Nov 14, 2006 2:40 pm

Maybe you don't need to turn off the RewriteEngine line
RewriteEngine off

Posted: Tue Nov 14, 2006 2:50 pm

that should work.
Try changing to this, this is what I have

RewriteCond %{HTTP_USER_AGENT} ^libwww-perl/[0-9].[0-9]*

try that.

Posted: Wed Nov 15, 2006 11:11 am

I am now thinking that the Rewrite module itself is not available to you because the last bit of complete code should have worked (works perfectly for me as I have just tested it recently).

Take a look at this thread and see if you can determine if mod_rewrite is even enabled for you.

http://www.ravenphpscripts.com/postt7072.html

BTW, there is a mod_rewrite tester out "in the wild" that was on some GoogleTap/GTNG related sites, but it does not work in every case. I prefer Raven's method better.

Good luck!

Posted: Fri Nov 17, 2006 11:48 pm

Getting rid of

RewriteEngine off

seems to have done the trick - it's been a few days now with no libwww-pearl attacks

cheers guys
!

Posted: Sat Nov 18, 2006 7:09 am

Well, that doesn't make a whole lot of sense to me... Very odd. BUT, glad it is working for you now!

Dance-Y

Posted: Sun Nov 19, 2006 8:36 pm

Perhaps the way Apache processes .htaccess, it may read directives like RewriteEngine first. The last one is "RewriteEngine off".. so it sets it off. And then it never goes back to process RewriteRule

(Just a guess, I don't know)