|
|
 |
|
| jonnymorris |
 |
NetHosted Customer
Joined: 22 May 2006
Posts: 78
|
 Posted: Sun Jun 29, 2008 3:22 pm Post subject: Blocking AVG 8.5 / IE6 |
| |
I have learned about the apparent DoS attacks that are actually being caused by the latest version of AVG, apparently it pretends to be a human and hits all links on a page with the browser ID "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)", which can sap up bandwidth and potentially cause servers to crash under load.
I know my own little website is not going to get hits like a corporate one, but I would like to block this browser signature and help keep my host's servers running smoothly. I would also like to have a meaningful error message should a real person be denied access by my block.
Can anyone advise on if it's possible and how I could do this for my domain here please?
Thanks. |
|
| Back to top |
|
| NetHosted - Andrew |
|
NetHosted Staff
Joined: 22 Mar 2004
Posts: 5625
|
|
| Back to top |
|
| jonnymorris |
|
NetHosted Customer
Joined: 22 May 2006
Posts: 78
|
| Posted: Sun Jun 29, 2008 4:17 pm Post subject: |
| |
I'm quite happy to block all IE6 users as well. They will get a message stating that it's AVG's fault I have had to block them, with information about alternative browsers and upgrading to IE7.
I do wonder, though, what will happen if AVG decide to change the user agent sig to IE7 or some other popular browser... |
|
| Back to top |
|
| NetHosted - Andrew |
|
NetHosted Staff
Joined: 22 Mar 2004
Posts: 5625
|
| Posted: Sun Jun 29, 2008 5:00 pm Post subject: |
| |
Hi,
I see, well you can redirect user based on user-agents via .htaccess. For example:
| Code: |
RewriteCond %{HTTP_USER_AGENT} ^USERAGENTHERE
RewriteRule .* yourpage.html [L,NC]
|
Place this code into an existing or new .htaccess file inside your public_html directory.
Thanks,
Andrew
_________________
| Andrew Bassett
| Managing Director, NetHosted Ltd.
| Resellers, take a look at overselling  !
| Members, tell us what you think of NetHosted! |
|
| Back to top |
|
| jonnymorris |
|
NetHosted Customer
Joined: 22 May 2006
Posts: 78
|
| Posted: Sun Jun 29, 2008 6:05 pm Post subject: |
| |
Hmm. Thinking about this, what actual bandwidth is used when something such as the AVG link checker thing makes a hit on one of my pages? Is the complete page sent (pictures and all) to the phoney client?
The .htaccess rewrite information is very interesting and I may try it out anyway, ask a few friends what they see and what their initial reaction is.  |
|
| Back to top |
|
| NetHosted - Andrew |
|
NetHosted Staff
Joined: 22 Mar 2004
Posts: 5625
|
| Posted: Sun Jun 29, 2008 6:24 pm Post subject: |
| |
Hi,
Yes I believe the tool checks pages for malware by loading them in advance of a click by the user.
Thanks,
Andrew
_________________
| Andrew Bassett
| Managing Director, NetHosted Ltd.
| Resellers, take a look at overselling !
| Members, tell us what you think of NetHosted! |
|
| Back to top |
|
| jonnymorris |
|
NetHosted Customer
Joined: 22 May 2006
Posts: 78
|
| Posted: Sun Jun 29, 2008 8:00 pm Post subject: |
| |
OK, for some reason the line
| Code: | | RewriteCond %{HTTP_USER_AGENT} ^Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) |
causes an internal server error, any idea what I need to do to fix this?
At the moment I just have
| Code: |
RewriteCond %{HTTP_USER_AGENT} ^Mozilla/4.0
|
and this part works in that it allows me access using Safari and Firefox 2, but I don't know if it actually blocks anything. |
|
| Back to top |
|
| NetHosted - Andrew |
|
NetHosted Staff
Joined: 22 Mar 2004
Posts: 5625
|
| Posted: Sun Jun 29, 2008 8:29 pm Post subject: |
| |
Hi,
I think you'll need to escape certain characters such as ; e.g. \;
Thanks,
Andrew
_________________
| Andrew Bassett
| Managing Director, NetHosted Ltd.
| Resellers, take a look at overselling !
| Members, tell us what you think of NetHosted! |
|
| Back to top |
|
| boughtonp |
|
NetHosted Customer
Joined: 18 Jul 2005
Posts: 129
Location: South Croydon
|
| Posted: Sun Jun 29, 2008 9:05 pm Post subject: |
| |
RewriteCond uses regular expressions.
You need to escape the parentheses with backslash.
Semi-colon is not a special character in regex so doesn't need to be escaped.
Dots are special (they match any single character), so technically they should also be escaped, but in this case it probably doesn't matter if they're not.
Give this a try:
RewriteCond %{HTTP_USER_AGENT} ^Mozilla/4\.0 \(compatible; MSIE 6\.0; Windows NT 5\.1; SV1\)
_________________
Peter Boughton |
|
| Back to top |
|
| MaddogBattie |
|
Community Liason
Joined: 16 Jun 2004
Posts: 139
Location: Cornwall
|
| Posted: Mon Jun 30, 2008 8:37 am Post subject: |
| |
AVG has recently changed the user agent strings they use and I guess it is more than likely that they will do so again in the future.
http://www.theregister.co.uk/2008/06/26/avg_disguises_fake_traffic_as_ie6/
About 30% of users use IE6 at the moment with Win2K users being unable to upgrade (IIRC) to IE7. That is quite a lot to block. |
|
| Back to top |
|
| jonnymorris |
|
NetHosted Customer
Joined: 22 May 2006
Posts: 78
|
| Posted: Mon Jun 30, 2008 10:58 am Post subject: |
| |
Thank you all for your help and advice with this. Could I ask you to take a look and tell me what results you get please? In theory it should only block IE6...
http://www.jonathanmortimer.co.uk |
|
| Back to top |
|
| jonnymorris |
|
NetHosted Customer
Joined: 22 May 2006
Posts: 78
|
| Posted: Mon Jun 30, 2008 11:23 am Post subject: |
| |
| boughtonp wrote: |
Give this a try:
RewriteCond %{HTTP_USER_AGENT} ^Mozilla/4\.0 \(compatible; MSIE 6\.0; Windows NT 5\.1; SV1\) |
I had to escape all of the spaces too, as I thought may be the case. Not sure if the spaces are required but I left them in anyway, they may form part of the signature. |
|
| Back to top |
|
| gpk |
|
NetHosted Customer
Joined: 06 Oct 2006
Posts: 156
|
| Posted: Tue Jul 01, 2008 6:26 pm Post subject: |
| |
>had to escape all of the spaces too
Sometimes in .htaccess you can just put it all in double quotes to avoid having to escape the spaces (but even if this works you'd still have to escape the parentheses). The spaces would definitely be required since otherwise you'd have a space in the user agent string which would fail to match whatever character was in the corresponding position in the regex.
I don't know what the typical impact on bandwidth/server load is, but AVG 8 made my PC grind to a halt (well I get 100 results from Google at a time) so I took the uninstall option pretty swiftly 
_________________
http://www.alexoria.co.uk • Find New Business for Your Business |
|
| Back to top |
|
| jonnymorris |
|
NetHosted Customer
Joined: 22 May 2006
Posts: 78
|
| Posted: Tue Jul 01, 2008 8:28 pm Post subject: |
| |
| gpk wrote: | | I don't know what the typical impact on bandwidth/server load is, but AVG 8 made my PC grind to a halt (well I get 100 results from Google at a time) so I took the uninstall option pretty swiftly |
A friend of mine told me AVG 8 was hard to disable for playing games and such, much worse than AVG7 in that respect, so they are using Zone Alarm now.
I don't have anything running like that on my Mac, generally there's no need, although I do occasional virus sweeps with ClamXav. |
|
| Back to top |
|
| NetHosted - Andrew |
|
NetHosted Staff
Joined: 22 Mar 2004
Posts: 5625
|
| Posted: Thu Jul 03, 2008 4:39 pm Post subject: |
| |
This has hit slashdot now. Someone has come up with this set of rewrite rules:
| Code: |
Rewritecond %{HTTP_USER_AGENT} ".*MSIE 6.0; Windows NT 5.1; SV1.$" [OR]
Rewritecond %{HTTP_USER_AGENT} ".*MSIE 6.0; Windows NT 5.1;1813.$"
RewriteCond %{HTTP_REFERER} ^$
RewriteCond %{HTTP:Accept-Encoding} ^$
RewriteRule ^.* http://www.avg.com/?LinkScannerSucks [R=307,L] |
The nice touch being it only filters AVG, not normal IE users. Also the AVG bot gets redirected back to the AVG site which wastes their bandwidth no yours.
Andrew
_________________
| Andrew Bassett
| Managing Director, NetHosted Ltd.
| Resellers, take a look at overselling !
| Members, tell us what you think of NetHosted! |
|
| Back to top |
|
User Permissions |
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum
|
| |
| |
|
 |
 |
| | |
Hosting Plans
