[geeklog-devtalk] Re: comment SPAM

[Michael Jervis]

> They didn't all come from the same IP address. The guy is 

> obviously in control of a botnet. See my post on "home-made 

> problems" in today's summary on why it caused us these 

> problems yesterday.


Just ban the internet. That's what the people on the news want to do any
time anything bad happens online.

If he's spamming urls in GET or POST data, couldn't some variant of;

RewriteCond %{QUERY_STRING} ^(.*)wget\%20 [OR] RewriteCond %{QUERY_STRING}
^(.*)echr(.*) [OR] RewriteCond %{QUERY_STRING} ^(.*)esystem(.*) [OR]
RewriteCond %{QUERY_STRING} ^(.*)highlight=\%2527 [OR] RewriteCond
%{HTTP_COOKIE}% s:(.*):\%22test1\%22\%3b RewriteRule ^.*$ http://127.0.0.1/
[L,R=301]

Block that stuff? I don't know htaccess syntax too well, so I'm not even
going to TRY To write one, but surely it should be easy to write something
that blocks the content of his GET/POST?

Mike
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3030 bytes
Desc: not available
Url : <http://eight.pairlist.net/pipermail/geeklog-devtalk/attachments/20050211/bcee253a/attachment.bin>