I installed this new module on my site http://capmex.biz and it seems to be working just fine, blocking only spambots. But after reading in another forum reports about real users being blocked, I'm not so sure if it's completely safe to use it.

I would like to ask other members, especially those with privacy settings or firewalls, to visit my site and check if they are not blocked by the module. In case someone gets blocked, please post here with details about your user agent, platform, etc.

Comments

laura s’s picture

If this is a ploy to draw traffic, it's ingenious!

Okay, just kidding. Your site loaded fine for me in FF Mac and Camino alpha.

Laura
===
pingVision | scattered sunshine
Laura Scott :: design » blog » tweet

capmex’s picture

I have some entries in the log that look like real users; all of them have in common "Required header 'Accept' missing". I just want to make sure real users do not have any problem accessing the site. :)

Before installing the module I looked for information and found some posts about people being blocked by bad-behavior on WordPress sites with the above message.

Just a few examples of the entries in capmex.biz bad behavior's log are:

Required header 'Accept' missing 2005-09-11 04:18:09 66.194.6.79 Mozilla/5.0 (compatible; Konqueror/3.1-rc4; i686 Linux; 20020319)

Required header 'Accept' missing 2005-09-10 05:15:55 66.194.6.71 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; Q312462)

Required header 'Accept' missing 2005-09-09 23:52:22 70.85.243.50 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)

--
Webmaster Resources for Business Websites

harry slaughter’s picture

bad-behavior seems to be a mature library, so my assumption when installing badbehavior.module was that i wouldn't have to worry about false positives.

i too am seeing what seem to be legit requests that are being denied due to this 'required header missing' logic.

i guess i'd conclude from the existence of this rule that no legit browser would ever *not* send accept-* headers. and the only reason these requests appear to be real is that the spammer is spoofing the user agent. as soon as he gets a 403, he concludes that his target script is inaccessible and goes away, so you don't see the tell-tale request every 1-2 seconds from the same IP that indicates a spammer.

the accept-* headers are an important part of an HTTP transaction, i can't imagine any reason a legit useragent would not send them.

--
Living in fear of patch hell?
Want a stable development environment?
Support Dev Releases: http://drupal.org/node/30903
Support Code cleanup too: http://drupal.org/node/28540

--
Devbee - http://devbee.net/

capmex’s picture

Yahoo-Blogs/v3.9 has been blocked on my site, I checked the ip and it really belongs to Yahoo:

2005-10-12 05:06:43 68.142.195.82 Yahoo-Blogs/v3.9 (compatible; Mozilla 4.0; MSIE 5.5; "http://help.yahoo.com/help/us/ysearch/crawling/crawling-02.html" )

Reverse DNS: opncrd2.search.mud.yahoo.com
OrgName: Inktomi Corporation
OrgID: INKT
Address: 701 First Ave
City: Sunnyvale
StateProv: CA
PostalCode: 94089
Country: US

I'm going to whitelist the ip block, because bad behavior has not been updated. This post is just to inform other bad behavior module users.

--
Webmaster Resources for Business Websites
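
The reverse-DNS check described in the last post, carried one step further into a forward-confirmed lookup over log lines in the layout quoted in this thread. This is an added example, not code from the thread or from the Bad Behavior module. The function names, the `yahoo.com` suffix and the two documentation-range sample lines are assumptions.

```python
import re
import socket

# Constructed sample in the log layout quoted in the thread. The first line uses
# the Yahoo-Blogs values posted above (user agent shortened); the other two are
# made up (documentation IP ranges) and only claim the same user agent.
SAMPLE_LOG = """\
2005-10-12 05:06:43 68.142.195.82 Yahoo-Blogs/v3.9 (compatible; Mozilla 4.0; MSIE 5.5)
Required header 'Accept' missing 2005-10-12 05:07:01 192.0.2.10 Yahoo-Blogs/v3.9 (compatible; Mozilla 4.0)
Required header 'Accept' missing 2005-10-12 05:07:03 198.51.100.7 Yahoo-Blogs/v3.9 (compatible; Mozilla 4.0)
"""

# Optional block reason, then timestamp, IPv4 address and user agent.
LINE_RE = re.compile(
    r"^(?:(?P<reason>.+?) )?(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) "
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3}) (?P<ua>.+)$"
)

def parse_log(text):
    """Return one dict per recognisable log line; unparseable lines are skipped."""
    return [m.groupdict() for m in map(LINE_RE.match, text.splitlines()) if m]

def verify_crawler(ip, suffixes, reverse=socket.gethostbyaddr,
                   forward=socket.gethostbyname_ex):
    """Forward-confirmed reverse DNS: the PTR name must sit under an allowed
    suffix AND that name must resolve back to the same IP."""
    try:
        host = reverse(ip)[0].lower().rstrip(".")
        if not any(host == s or host.endswith("." + s) for s in suffixes):
            return False
        return ip in forward(host)[2]
    except OSError:  # socket.herror / socket.gaierror: no PTR or no A record
        return False

def whitelist_candidates(text, ua_token, suffixes, **resolvers):
    """IPs whose blocked requests claim `ua_token` and pass the DNS check."""
    ips = {e["ip"] for e in parse_log(text) if ua_token in e["ua"]}
    return sorted(ip for ip in ips if verify_crawler(ip, suffixes, **resolvers))
```

Calling `whitelist_candidates(SAMPLE_LOG, "Yahoo-Blogs", ["yahoo.com"])` performs live DNS lookups; pass `reverse=` and `forward=` stubs to run it offline.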