: Is it okay to block all user agents that start with "PHP/5."? I'm getting a lot of spambots from China (and elsewhere, likely botnets) accessing my blog which have a user agent string starting
I'm getting a lot of spambots from China (and elsewhere, likely botnets) accessing my blog which have a user agent string starting with PHP/5.. These include such nonsense values as PHP/5.3.70 and PHP/5.2.81, versions which don't exist. However, most UA strings consist of this raw glob pattern, which indicates what the spambot is trying to pretend to be:
PHP/5.{3|2}.{1|2|3|4|5|6|7|8|9|0}{1|2|3|4|5|6|7|8|9|0}
As such, blocking all user agents starting with PHP/5. using .htaccess would bring a halt to this spambot activity. Is there a significant risk of blocking legitimate crawlers?
More posts by @Berumen354
2 Comments
Sorted by latest first Latest Oldest Best
Yes you can. In fact, I recommend it and others too.
I would not work so hard on my regular expression to include version numbers- just ^PHP.*$
You will find that some agent names are consistently up to no good even though some will argue that they can be used for good and should not be blocked. That is a negative argument. I study these things and I cannot see in my database where an agent name of PHP.* has been used for anything good at all. So block away my friend! Have at it.
As far as blocking whole countries, that is not always something I recommend, however, as for China, it is not necessarily a bad thing. You would be cutting out legitimate users from Baidu searches and so on, but that may not be a concern. If you do this and it is possible, I suggest blocking larger blocks of IP addresses in a firewall if you have one.
Terms of Use Create Support ticket Your support tickets Stock Market News! © vmapp.org2024 All Rights reserved.