No referrer, no user agent
There’s one particular spammer (or maybe several) who leaves comments with no referrer and no user agent.
As long as he keeps to that pattern, he can be stopped via an .htaccess trick:
See it in this file:
no user agent htaccess
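In an Apache combined-format access log, a request with no referrer and no user agent ends in `"-" "-"`. The following Python scan is an added example, not part of the original post or the linked file: it lists which paths receive such POSTs and from how many distinct addresses. The log lines, paths and addresses are constructed samples.

```python
import re
from collections import defaultdict

# Apache "combined" format:
# host ident user [time] "request" status bytes "referer" "user-agent"
COMBINED = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+ '
    r'"(?P<referer>(?:[^"\\]|\\.)*)" "(?P<agent>(?:[^"\\]|\\.)*)"$'
)

def is_blank(value):
    """A missing header is logged as "-"; treat an empty string the same way."""
    return value in ("-", "")

def blank_posts(lines):
    """Return {path: set(ips)} for POSTs with neither Referer nor User-Agent."""
    hits = defaultdict(set)
    for line in lines:
        m = COMBINED.match(line.strip())
        if not m:
            continue  # not combined format, or malformed: skip it
        if m["method"] == "POST" and is_blank(m["referer"]) and is_blank(m["agent"]):
            hits[m["path"]].add(m["ip"])
    return dict(hits)

# Constructed sample lines (documentation address ranges, hypothetical paths).
SAMPLE_LOG = """\
192.0.2.10 - - [16/Mar/2006:08:28:01 +0000] "POST /wp-comments-post.php HTTP/1.0" 200 512 "-" "-"
198.51.100.7 - - [16/Mar/2006:08:28:09 +0000] "POST /wp-comments-post.php HTTP/1.0" 200 512 "-" "-"
203.0.113.5 - - [16/Mar/2006:08:29:40 +0000] "POST /wp-comments-post.php HTTP/1.1" 302 0 "http://blog.example/?p=1" "Mozilla/5.0"
192.0.2.10 - - [16/Mar/2006:08:30:02 +0000] "GET /feed/ HTTP/1.0" 200 9000 "-" "-"
203.0.113.9 - - [16/Mar/2006:08:31:15 +0000] "POST /contact.php HTTP/1.1" 200 128 "-" "-"
"""

if __name__ == "__main__":
    for path, ips in sorted(blank_posts(SAMPLE_LOG.splitlines()).items()):
        print(f"{path}: {len(ips)} distinct address(es): {', '.join(sorted(ips))}")
```

Grouping by path rather than by address shows whether the pattern is aimed at the comment script and whether it arrives from more than one address.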
March 16th, 2006 at 8:28 am
Should I just add the contents of this into my current .htaccess?
March 16th, 2006 at 8:31 am
If you’re running WordPress, and that’s your comment file, then you could. It won’t do any good if that particular spammer is misusing your blog. But check your logs for this pattern, and you’ll find out:
“-” “-”
March 16th, 2006 at 8:44 am
I’ve been watching this for the past few days as well. I run Typo and the commenting system there is being targeted (first time I’ve seen that). It’s failing because Typo has a clever method of dealing with it, but I think I’m going to deny all POST attempts without a user agent for my Typo installs. If it’s legit and it’s POST it should have a user agent.
Will only work for a while but it’s minimum effort.
March 16th, 2006 at 12:26 pm
I am curious, for a spammer on my blog is doing this too. Why won’t blocking his IP address using .htaccess be effective? In my case, it has completely stopped the spammer.
Regards.
March 16th, 2006 at 5:07 pm
Blocking an IP address is only good as long as the spammer is using that address. Most use multiple addresses at once or rotate to different addresses rather frequently. Plus you would only be blocking one spammer; some of these mistakes are shared between spammers, so you could block other potential problems before they hit you.
March 18th, 2006 at 11:45 am
Hi Joe,
thanks for that insight. I hadn’t really thought about it long enough.
Cheers!
March 20th, 2006 at 12:08 pm
Over the last month, I’ve also been seeing a lot of empty user agent and referer combos trying to post to a contact form’s action script.
The contents of the post don’t validate, so they get nowhere, but it looks as if the POST data is designed to break form-mail type forms to send spam.
They do this by submitting to an “email address” field which contains carriage returns and enough additional fields to build a complete spam email, complete with MIME encoded body. They even had a solo full-stop at the end of their content, presumably in an attempt to make SMTP mailers treat their garbage as complete.
May 28th, 2006 at 5:15 am
[…] This .htaccess example was taken from SpamHuntress.com […]