bad-behavior is now blocking what it says is a SQL injection but all its really looking for is a # in the header. So I end up seeing crap like this.
I think this may be a bug in bad behavior
Update: I am still seeing this from the Yahoo bot
403 Request contained a malicious JavaScript or SQL injection attack
Agent: Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)
74.6.8.122 llf520018.crawl.yahoo.net
403 Request contained a malicious JavaScript or SQL injection attack
Agent: Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)
74.6.17.186 llf520164.crawl.yahoo.net
403 Request contained a malicious JavaScript or SQL injection attack www.winnfreenet.com
Agent: Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)
74.6.22.159 llf520079.crawl.yahoo.net
// Broken spambots send URLs with various invalid characters
// Some broken browsers send the #vector in the referer field :(
if (strpos($package['request_uri'], "#") !== FALSE) {
return "dfd9b1ad";
}
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment