Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
This forum is locked: you cannot post, reply to, or edit topics.   This topic is locked: you cannot edit posts or make replies.    Ravens PHP Scripts And Web Hosting Forum Index -> NukeSentinel™ v2.5.x
Author Message
malrock1
Hangin' Around


Joined: Nov 04, 2006
Posts: 47
Location: Wanaka New Zealand

PostPosted: Mon Nov 13, 2006 4:11 pm Reply with quote

stlill getting libwww-perl filter - abuse.....

I have the rewrite setup as follows in .htaccess

RewriteEngine on

RewriteCond %{HTTP_USER_AGENT} ^libwww-perl
RewriteRule ^.*$ - [L]

RewriteEngine off


The abuse is reported to my email and the IP blocked - I thought the above would actually stop the user agent from access the site

thus stoping the 50 or so emails I just recieved ....

_________________
Life's a rock
go climb it
Only registered users can see links on this board! Get registered or login! 
View user's profile Send private message
Tao_Man
Involved
Involved


Joined: Jul 15, 2004
Posts: 252
Location: OKC, OK

PostPosted: Mon Nov 13, 2006 6:27 pm Reply with quote

I am no guru on rewrite but "RewriteRule ^.*$ - [L] " If I understand correctly is more or less telling the server not to do anything at all. So they would passthrough and then get picked up by Nuke Sentinel.

try "RewriteRule ^.*$ Only registered users can see links on this board! Get registered or login! [R,L]"

_________________
------------------------------------------
To strive, to seek, to find, but not to yield!
I don't know Kara-te but I do know cra-zy, and I WILL use it! 
View user's profile Send private message Visit poster's website
montego
Site Admin


Joined: Aug 29, 2004
Posts: 9449
Location: Arizona

PostPosted: Tue Nov 14, 2006 6:53 am Reply with quote

Tao_Man, bingo! That is what I use as well. I had changed mine to the original post above and started getting these again.

_________________
Only registered users can see links on this board! Get registered or login!
Only registered users can see links on this board! Get registered or login! 
View user's profile Send private message Visit poster's website
malrock1
PostPosted: Tue Nov 14, 2006 1:19 pm Reply with quote

Nope - It's still letting libwww-perl through - at least it's still reporting filter abuse- had another 55 in morning.

all the same filter/abuse scripts just changing IP's

*where exaclty* should I have the statements in my .htacesss - perhaps thats making the differeence.

This is what I have at the moment

***********************************
# -------------------------------------------
# Start of NukeSentinel(tm) admin.php Auth
# -------------------------------------------
#<Files .ftaccess>
# deny from all
#</Files>

#<Files .staccess>
# deny from all
#</Files>

#<Files admin.php>
# <Limit GET POST PUT>
# require valid-user
# </Limit>
# AuthName "Restricted"
# AuthType Basic
# AuthUserFile Only registered users can see links on this board! Get registered or login!
#</Files>

RewriteEngine on

RewriteCond %{HTTP_USER_AGENT} ^libwww-perl
RewriteRule ^.*$ Only registered users can see links on this board! Get registered or login! [R,L]

RewriteEngine off

# -------------------------------------------
# Start of NukeSentinel(tm) DENY FROM area
# -------------------------------------------

deny from 80.108.148.223
deny from 80.108.148.223
deny from 83.149.113.150
deny from 81.0.149.43 ETC
*****************************************
 
evaders99
Former Moderator in Good Standing


Joined: Apr 30, 2004
Posts: 3221

PostPosted: Tue Nov 14, 2006 2:40 pm Reply with quote

Maybe you don't need to turn off the RewriteEngine line
RewriteEngine off

_________________
- Only registered users can see links on this board! Get registered or login! -

Need help? Only registered users can see links on this board! Get registered or login! 
View user's profile Send private message Visit poster's website
Tao_Man
PostPosted: Tue Nov 14, 2006 2:50 pm Reply with quote

that should work.
Try changing to this, this is what I have

RewriteCond %{HTTP_USER_AGENT} ^libwww-perl/[0-9].[0-9]*

try that.
 
montego
PostPosted: Wed Nov 15, 2006 11:11 am Reply with quote

I am now thinking that the Rewrite module itself is not available to you because the last bit of complete code should have worked (works perfectly for me as I have just tested it recently).

Take a look at this thread and see if you can determine if mod_rewrite is even enabled for you.
Only registered users can see links on this board! Get registered or login!

BTW, there is a mod_rewrite tester out "in the wild" that was on some GoogleTap/GTNG related sites, but it does not work in every case. I prefer Raven's method better.

Good luck!
 
malrock1
PostPosted: Fri Nov 17, 2006 11:48 pm Reply with quote

Getting rid of

RewriteEngine off

seems to have done the trick - it's been a few days now with no libwww-pearl attacks


cheers guys
!
 
montego
PostPosted: Sat Nov 18, 2006 7:09 am Reply with quote

Well, that doesn't make a whole lot of sense to me... Very odd. BUT, glad it is working for you now!

Dance-Y
 
evaders99
PostPosted: Sun Nov 19, 2006 8:36 pm Reply with quote

Perhaps the way Apache processes .htaccess, it may read directives like RewriteEngine first. The last one is "RewriteEngine off".. so it sets it off. And then it never goes back to process RewriteRule

(Just a guess, I don't know)
 
Display posts from previous:       
This forum is locked: you cannot post, reply to, or edit topics.   This topic is locked: you cannot edit posts or make replies.    Ravens PHP Scripts And Web Hosting Forum Index -> NukeSentinel™ v2.5.x

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©