Bots don't honor 301 :(
VirginSnow at vfemail.net
Sat Jan 10 10:27:51 EST 2009
My httpd logs have been bombarded, lately, with probes by crackbots
(mostly for roundcube webmail and mantis bugtracker exploits). This
got me wondering, "What can I do to keep these buggers off my server?"
Of course, the iptables -j TARPIT approach came to mind, but that
didn't quite seem creative enough. Besides, what if one of the
compromised hosts legitimately wants to browse one of my sites? So I
got the idea to use status code 301 to redirect these bots to
something fun, like:
http://cybercrime.fbi.gov/complaints/submit_complaint.php?message=i+am+a+script+kidde+or+robot+attempting+to+compromise+a+computer+at+IP+address,+the+URL+i+am+using+to+do+this+is+$1
So, I set up my servers to trap exploit URLs and 301 them to another
server that I control. However, the bots didn't respect the 301, and
seemed to treat the 301 much like a 404. :(
So, "what if I use a fastcgi program to send the bot a 200 response
with a new Location: header", I wonder.
Has anyone on this list found any fun ways to burn these bots?
(BTW, legitimate bots, like googlebot, *do* honor status code 301.)
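
Added example, not part of the original post: one way to measure from access logs which clients actually followed a 301 from the trap server to the second server. It assumes both servers write Common Log Format; the sample log lines, IP addresses and paths are constructed, and the 60-second correlation window is an arbitrary choice.

```python
import re
from datetime import datetime, timedelta

# Common Log Format: ip ident user [time] "METHOD path PROTO" status size
LINE = re.compile(r'(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3}) \S+')
TIME_FMT = "%d/%b/%Y:%H:%M:%S %z"

def parse(log_text):
    """Yield (ip, timestamp, path, status) for each well-formed log line."""
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if m:
            ip, ts, _method, path, status = m.groups()
            yield ip, datetime.strptime(ts, TIME_FMT), path, int(status)

def redirect_followthrough(trap_log, target_log, window=timedelta(seconds=60)):
    """Map each client that got a 301 on the trap server to True/False:
    did it request anything on the target server within `window` afterwards?"""
    target_hits = {}
    for ip, ts, _path, _status in parse(target_log):
        target_hits.setdefault(ip, []).append(ts)
    result = {}
    for ip, ts, _path, status in parse(trap_log):
        if status != 301:
            continue  # only clients that were actually redirected
        followed = any(ts <= t <= ts + window for t in target_hits.get(ip, []))
        result[ip] = result.get(ip, False) or followed
    return result

# Constructed sample logs (documentation IP ranges, made-up paths).
TRAP_LOG = """\
192.0.2.10 - - [10/Jan/2009:10:00:00 -0500] "GET /roundcube/ HTTP/1.1" 301 0
192.0.2.10 - - [10/Jan/2009:10:00:01 -0500] "GET /mantis/ HTTP/1.1" 301 0
198.51.100.7 - - [10/Jan/2009:10:05:00 -0500] "GET /old-page HTTP/1.1" 301 0
203.0.113.5 - - [10/Jan/2009:10:06:00 -0500] "GET /index.html HTTP/1.1" 200 512
"""
TARGET_LOG = """\
198.51.100.7 - - [10/Jan/2009:10:05:01 -0500] "GET /landing HTTP/1.1" 200 128
"""

if __name__ == "__main__":
    for ip, followed in redirect_followthrough(TRAP_LOG, TARGET_LOG).items():
        print(ip, "followed the 301" if followed else "ignored the 301")
```

Clients that repeatedly receive a 301 and never appear in the target server's log are the ones treating the redirect like a 404.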