Deny dex Bot Search POST contact.php HTTP 1.1 in htaccess

Today it is „dex Bot Search“ and „Mozilla/4.76 [ru] (X11; U; SunOS 5.7 sun4u)“ bringing my server almost to crash.

Update July 14, 2010 please read to the end of the post..

Yesterday it was „Casper Bot Search“, I blocked it succussfully with an entry on top of the .htaccess:

BrowserMatchNoCase Casper bad_bot
Order Deny,Allow
Deny from env=bad_bot

It looks like „dex Bot Search“ tries to POST to contact.php, a file or link not available on my domain, so getting lot’s of 404 errors.

In access.log I find now:

193.39.66.14 - - [01/Jul/2010:12:36:34 +0200]
"POST /34//contact.php HTTP/1.1" 403 1022 "-" "dex Bot Search"
193.39.66.14 - - [01/Jul/2010:12:36:34 +0200]
"POST //contact.php HTTP/1.1" 403 1022 "-" "dex Bot Search"
193.39.66.14 - - [01/Jul/2010:12:36:35 +0200]
"POST /34/cms-auf-1blu-unlimited//contact.php HTTP/1.1" 403 1022 "-" "dex Bot Search"
193.39.66.14 - - [01/Jul/2010:12:36:35 +0200]
"POST //contact.php HTTP/1.1" 403 1022 "-" "dex Bot Search"
193.39.66.14 - - [01/Jul/2010:12:36:35 +0200]
"POST //contact.php HTTP/1.1" 403 1022 "-" "dex Bot Search"
193.39.66.14 - - [01/Jul/2010:12:36:35 +0200]
"POST /34//contact.php HTTP/1.1" 403 1022 "-" "dex Bot Search"
81.176.226.100 - - [01/Jul/2010:12:46:46 +0200]
"POST /?s=blog%20%20//contact.php HTTP/1.1" 403 1036 "-" "dex Bot Search"
81.176.226.100 - - [01/Jul/2010:12:46:46 +0200]
"POST /?s=blog%20%20//contact.php HTTP/1.1" 403 1036 "-" "dex Bot Search"
81.176.226.100 - - [01/Jul/2010:12:46:46 +0200]
"POST /?s=blog%20%20//contact.php HTTP/1.1" 403 1036 "-" "dex Bot Search"
81.176.226.100 - - [01/Jul/2010:12:46:46 +0200]
"POST /?s=blog%20%20//contact.php HTTP/1.1" 403 1036 "-" "dex Bot Search"

Having the above script in .htaccess already, it was easy to block and deny this bot too, I just extended the entry like this:

BrowserMatchNoCase Casper bad_bot
BrowserMatchNoCase dex bad_bot
Order Deny,Allow
Deny from env=bad_bot

This will also block YandexBot, getting a 403 error, I do not care.

Do not ask me what is the purpose of these POST attacks, for me they just slowed down my vserver..

UPDATE:
getting POST now from „Mozilla/4.76 [ru] (X11; U; SunOS 5.7 sun4u)“

added to .htaccess like this:

BrowserMatchNoCase Casper bad_bot
BrowserMatchNoCase dex bad_bot
BrowserMatchNoCase sun4u bad_bot
Order Deny,Allow
Deny from env=bad_bot

UPDATE 02.07.2010
extended bot signatures by ’sledink‘ and ‚kangen‘ due to POST to not existing file contact.php

access.log looks like this:

92.48.70.83 - - [02/Jul/2010:19:27:06 +0200]
"POST /contac.php HTTP/1.1" 404 22568 "-" "rk q kangen"
66.210.175.75 - - [02/Jul/2010:19:27:17 +0200]
"POST /contact.php HTTP/1.1" 403 1022 "-" "Mozilla/4.76 [ru] (X11; U; SunOS 5.7 sun4u)"
208.115.217.194 - - [02/Jul/2010:19:27:17 +0200]
"POST /?s=forum/contact.php HTTP/1.1" 403 1036 "-" "Casper Bot Search"
205.237.100.89 - - [02/Jul/2010:23:05:34 +0200]
"POST /?s=blog%20%20//index.php HTTP/1.1" 403 1036 "-" "sledink Bot Search"
205.237.100.89 - - [02/Jul/2010:23:05:34 +0200]
"POST /?s=blog%20%20//index.php HTTP/1.1" 403 1036 "-" "sledink Bot Search"
205.237.100.89 - - [02/Jul/2010:23:05:35 +0200]
"POST /?s=blog%20%20//index.php HTTP/1.1" 403 1036 "-" "sledink Bot Search"

Update July 14, 2010
the bots try to POST now to different files, as there are:
contact.php, config.php, view.php and ‚powered‘

So by now I block and deny them in .htaccess in the following way:

RewriteEngine On

RewriteCond %{REQUEST_URI} contact\.php [NC,OR]

RewriteCond %{REQUEST_URI} config\.php [NC,OR]

RewriteCond %{REQUEST_URI} view\.php [NC,OR]

RewriteCond %{REQUEST_URI} powered [NC,OR]

RewriteCond %{QUERY_STRING} ^.*(contact\.php).*$ [NC,OR]

RewriteCond %{QUERY_STRING} ^.*(config\.php).*$ [NC,OR]

RewriteCond %{QUERY_STRING} ^.*(view\.php).*$ [NC,OR]

RewriteCond %{QUERY_STRING} ^.*(powered).*$ [NC]

RewriteRule . nouse.php [L]

all POST to the files above are redirected to a file in root folder of the attacked site.
This file nouse.php contains just the error header in php:

header("HTTP/1.1 403 Forbidden");

block search bot Majestic-12 : DSearch : MJ12bot. Email Address for Queries about the bot ( if you are too busy to read rest of the page ): bot@majestic12.co.uk (we respond very quickly!) Elizabeth was awakened from the trance created by this scene, and by gazing in that unusual manner at the bot tom of the lake, be the hoarse sounds of Benjamin’s voice, and the dashing of We've got 42 definitions for » What does stand for? What does mean? This page is about the various possible meanings of the acronym, abbreviation, shorthand or slang term: . Wikipedia:Bot policy - Wikipedia policy covers the operation of all s and automated scripts used to provide automation of Wikipedia edits, whether completely automated, higher speed, or simply assisting human editors in their own work. Tags: wikipedia, policy, wikipedia, Click the link for a map with Dunstable Library's location marked. The service can give you directions from your home as well.