Welcome to Geeklog Saturday, May 25 2013 @ 02:34 AM EDT


 spam URL in http request?
   
dmchaplin
 01/16/08 03:22AM (Read 3154 times)  
+----
Newbie

Status: offline


Registered: 03/04/05
Posts: 2
I've been seeing some strange bots hit my sites and I don't know which direction to turn to stop it.

I have spam URLs showing up in my GUS. It's like the bot is swapping out a story ID with a URL address. Here are a few items from the GUS log:

PHP Formatted Code
,,,/geeklog/links/portal.php?what=http%3A%2F%2Fwww.meexia.com%2Fblog%2Fwp-content%2Fthemes%2Fsquares%2Fnovofor%2Fhiviga%2F&item=AlexandreSoutoPort
.../geeklog/index.php?topic=http%3A%2F%2Fwww.psikolojikyardim.org%2Fetkinlik%2Finclude%2Feto%2Fnixaz%2F&menu=ch25_
.../geeklog/index.php?topic=ch25_&menu=http%3A%2F%2Fwww.elettrodataservice.it%2Ffoto_articoli%2Fonoda%2Fiyegimi%2F
.../geeklog/staticpages/index.php?page=http%3A%2F%2Fwww.ursib-kibsu.be%2Fnts_inc%2Fduzigun%2Fuba%2F
.../geeklog/profiles.php?sid=http%3A%2F%2Fwww.nedkellypub.it%2Fconcerti%2Fdati%2Folukev%2Forawo%2F&what=emailstory



I installed Bad Behavior 2 thinking it may solve it, but it has not. I don't even know what type of spam to call this. Referrer? Comment?

I'm the only one with access to GUS.

I thought about hacking Bad Behavior to look for URLs in the query string, but I'd like to find a better solution.

Has anyone else seen this and know how to stop it?

thanks,
Drew
cozy1200.com




 
Dirk
 01/16/08 03:56AM  
AAAAA
Admin

Status: offline


Registered: 01/12/02
Posts: 13027
Those are just script kiddies looking for vulnerabilities - that aren't there.

We did have a problem with these attempts in the Spam-X plugin back in 1.4.0 - but only if you didn't follow the installation instructions. This has since been fixed (with 1.4.0sr4 and later).

However, the URLs you quoted never had that problem. They are just trying each and every URL they can find. Stupid kids ...

Bad Behavior will only stop some of those attempts, if the tools they're using somehow trigger some of BB's filters. You can either ignore those or block them in your .htaccess like so:

PHP Formatted Code
RewriteEngine On
RewriteCond %{QUERY_STRING} ^.+http:
RewriteRule .* - [L,F]


bye, Dirk

 
mevans
 01/16/08 07:10AM  
+++++
Full Member

Status: offline


Registered: 02/08/04
Posts: 393
Just an FYI, but this .htaccess rule will break the flash audio / video playback in Media Gallery. There are some valid requests where http will show up in the URL.

Thanks!
Mark

 
Dirk
 01/16/08 07:25AM  
AAAAA
Admin

Status: offline


Registered: 01/12/02
Posts: 13027
Quote by: mevans

Just an FYI, but this .htaccess rule will break the flash audio / video playback in Media Gallery. There are some valid requests where http will show up in the URL.


Shouldn't the URL be encoded then? Like it is when you do a search for "http://www.example.com"?

I realize the OP posted URLs that were already encoded (http%3A%2F%2F) but I assumed that was due to them being pulled from GUS. The above .htaccess rule will not block these encoded URLs.

bye, Dirk

 
dmchaplin
 01/16/08 08:04AM  
+----
Newbie

Status: offline


Registered: 03/04/05
Posts: 2

Quote by: Dirk

I realize the OP posted URLs that were already encoded (http%3A%2F%2F) but I assumed that was due to them being pulled from GUS. The above .htaccess rule will not block these encoded URLs.


Dirk, from what I can tell they are not encoded originally. I think the GUS is encoding it.

Good to know it won't harm the system, but it's bloody annoying. It would be nice to block them entirely.

Unfortunately my site is running on IIS so the HTACCESS solution is out the window for me.

 
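Added example (not part of the thread, and not Geeklog or Bad Behavior code): a Python triage of request URIs like the GUS entries above. It decodes each query parameter before testing for an absolute URL and compares the result with the `^.+http:` pattern applied to the raw query string. The sample URIs are constructed, and the allowlist entry (`/mediagallery/player.php`, `src`) is a hypothetical placeholder for a parameter that legitimately carries a URL.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# The thread's RewriteCond pattern; mod_rewrite tests the raw, undecoded query string.
RAW_RULE = re.compile(r"^.+http:")
# A decoded parameter value that starts with an absolute URL.
URL_VALUE = re.compile(r"^\s*(?:https?|ftp)://", re.IGNORECASE)

# Hypothetical allowlist of (script path suffix, parameter name) pairs that may
# carry a URL on purpose. Placeholder only, not a real Media Gallery parameter.
ALLOWED = {("/mediagallery/player.php", "src")}

# Constructed sample request URIs, modelled on the log entries in the first post.
SAMPLES = [
    "/geeklog/index.php?topic=http%3A%2F%2Fexample.com%2Finc%2F&menu=ch25_",
    "/geeklog/index.php?topic=ch25_&menu=http://example.com/inc/",
    "/geeklog/staticpages/index.php?page=http%3A%2F%2Fexample.com%2Finc%2F",
    "/geeklog/mediagallery/player.php?src=http://example.com/clip.flv",
    "/geeklog/index.php?topic=ch25_",
]


def url_params(request_uri, allowed=ALLOWED):
    """Return names of query parameters whose decoded value is an absolute URL."""
    parts = urlsplit(request_uri)
    hits = []
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if any(parts.path.endswith(p) and name == n for p, n in allowed):
            continue  # parameter is expected to hold a URL on this script
        if URL_VALUE.match(value):
            hits.append(name)
    return hits


def raw_rule_matches(request_uri):
    """True if the thread's pattern matches the raw (still encoded) query string."""
    return bool(RAW_RULE.search(urlsplit(request_uri).query))


def triage(lines):
    """Return (uri, flagged parameter names, raw-rule verdict) for each URI."""
    return [(uri, url_params(uri), raw_rule_matches(uri)) for uri in lines]


if __name__ == "__main__":
    for uri, params, raw in triage(SAMPLES):
        verdict = "FLAG" if params else "ok"
        print(f"{verdict:4} raw_rule={raw!s:5} params={params} {uri}")
```

Run over the samples, the decoded check flags both the encoded and the plain probes and skips the allowlisted player request, while the raw pattern misses the encoded probes and matches the player request.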