Welcome to Geeklog, Anonymous Wednesday, April 15 2026 @ 10:14 am EDT
Geeklog Forums
What's blocking this request?
Status: offline
jmatt
Forum User
Junior
Registered: 01/06/03
Posts: 30
Location:Tatertown, KY, USA
An entry from my server log:
193.111.244.21 - - [14/Mar/2007:09:22:27 -0400] "GET /blog/index.php HTTP/1.1" 412 2603 "http://jmatt.net/blog/index.php" "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
I think the status code 412 means it was blocked somewhere in Geeklog. Maybe because the User Agent header is bad (shouldn't actually contain "User-Agent", or maybe for some other reason.
But I'm not sure what part of Geeklog is blocking it. I used to use the Bad Behavior plugin, which would probably catch something like this. But I've disabled it (it's still installed, but deactivated via the admin panel), so it shouldn't be involved.
I have the Spam-X plugin turned on. I have some IPs in the IP blacklist, but this isn't one of them. My HTTP header blacklist is empty. This access does not appear in the Spam-X log. So I don't think Spam-X blocked it.
Aside from Bad Behavior or Spam-X, is there something else that would cause a 412 status code? Since this is a simple GET request for the front page, it's not a comment/trackback full of spam. It looks like the only basis for rejecting it would be IP address or headers, and the User Agent header does look wrong. But I'm not sure where it's getting blocked. Are there some defaults in Spam-X that don't show up?
Another clue. The next entry in the log is
193.111.244.21 - - [14/Mar/2007:09:22:27 -0400] "GET /blog/mailto:wm+nospam@nospam.jmatt.net HTTP/1.1" 404 1131 "http://jmatt.net/blog/mailto:wm+nospam@nospam.jmatt.net" "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
The wm+nospam@nospam.jmatt.net address is the one that gets inserted in the page that Bad Behavior (and maybe other functions?) generate when rejecting an access. So it looks like some dumb bot got that page and tried to parse the email address as a link. But who sent it the page?
193.111.244.21 - - [14/Mar/2007:09:22:27 -0400] "GET /blog/index.php HTTP/1.1" 412 2603 "http://jmatt.net/blog/index.php" "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
I think the status code 412 means it was blocked somewhere in Geeklog. Maybe because the User Agent header is bad (shouldn't actually contain "User-Agent", or maybe for some other reason.
But I'm not sure what part of Geeklog is blocking it. I used to use the Bad Behavior plugin, which would probably catch something like this. But I've disabled it (it's still installed, but deactivated via the admin panel), so it shouldn't be involved.
I have the Spam-X plugin turned on. I have some IPs in the IP blacklist, but this isn't one of them. My HTTP header blacklist is empty. This access does not appear in the Spam-X log. So I don't think Spam-X blocked it.
Aside from Bad Behavior or Spam-X, is there something else that would cause a 412 status code? Since this is a simple GET request for the front page, it's not a comment/trackback full of spam. It looks like the only basis for rejecting it would be IP address or headers, and the User Agent header does look wrong. But I'm not sure where it's getting blocked. Are there some defaults in Spam-X that don't show up?
Another clue. The next entry in the log is
193.111.244.21 - - [14/Mar/2007:09:22:27 -0400] "GET /blog/mailto:wm+nospam@nospam.jmatt.net HTTP/1.1" 404 1131 "http://jmatt.net/blog/mailto:wm+nospam@nospam.jmatt.net" "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
The wm+nospam@nospam.jmatt.net address is the one that gets inserted in the page that Bad Behavior (and maybe other functions?) generate when rejecting an access. So it looks like some dumb bot got that page and tried to parse the email address as a link. But who sent it the page?
14
21
Quote
Status: offline
Dirk
Site Admin
Admin
Registered: 01/12/02
Posts: 13073
Location:Stuttgart, Germany
It is Bad Behavior blocking that request. Disabling the plugin will only disable the "backend" of it. But as long as you have that extra line in lib-common.php, it's still doing its thing.
bye, Dirk
bye, Dirk
16
21
Quote
All times are EDT. The time is now 10:14 am.
- Normal Topic
- Sticky Topic
- Locked Topic
- New Post
- Sticky Topic W/ New Post
- Locked Topic W/ New Post
- View Anonymous Posts
- Able to post
- Filtered HTML Allowed
- Censored Content