Documentation Source Text

Check-in [4e3b689944]
Login

Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.

Overview
Comment:The attack that the previous check-in sought to mitigate has stopped. So comment-out the change of the previous check-in.
Downloads: Tarball | ZIP archive
Timelines: family | ancestors | descendants | both | trunk
Files: files | file ages | folders
SHA3-256: 4e3b689944b0622317e6df898fdcaab27744b5b771a485b010f22eee619633ae
User & Date: drh 2019-04-24 19:28:38.392
Context
2019-04-27
11:27
Fix a typo in althttpd.c - restore the behavior of index.cgi. (check-in: 8cda91e897 user: drh tags: trunk)
2019-04-24
19:28
The attack that the previous check-in sought to mitigate has stopped. So comment-out the change of the previous check-in. (check-in: 4e3b689944 user: drh tags: trunk)
17:18
In althttpd.c, disallow a single particular user-agent string that is recently appearing in spider attacks. (check-in: 01c0f297c1 user: drh tags: trunk)
Changes
Unified Diff Ignore Whitespace Patch
Changes to misc/althttpd.c.
1715
1716
1717
1718
1719
1720
1721

1722
1723
1724
1725
1726
1727

1728
1729
1730
1731
1732
1733
1734
     || strstr(zAgent, "Download_Master")!=0
     || strstr(zAgent, "Ezooms/")!=0
     || strstr(zAgent, "HTTrack")!=0
     || strstr(zAgent, "AhrefsBot")!=0
    ){
      Forbidden(250);  /* LOG: Disallowed user agent */
    }

    /* Spider attack from 2019-04-24 */
    if( strcmp(zAgent,
            "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 "
            "(KHTML, like Gecko) Chrome/50.0.2661.102 Safari/537.36")==0 ){
      Forbidden(251);  /* LOG: Disallowed user agent (20190424) */
    }

  }
#if 0
  if( zReferer ){
    static const char *azDisallow[] = {
      "skidrowcrack.com",
      "hoshiyuugi.tistory.com",
      "skidrowgames.net",







>






>







1715
1716
1717
1718
1719
1720
1721
1722
1723
1724
1725
1726
1727
1728
1729
1730
1731
1732
1733
1734
1735
1736
     || strstr(zAgent, "Download_Master")!=0
     || strstr(zAgent, "Ezooms/")!=0
     || strstr(zAgent, "HTTrack")!=0
     || strstr(zAgent, "AhrefsBot")!=0
    ){
      Forbidden(250);  /* LOG: Disallowed user agent */
    }
#if 0
    /* Spider attack from 2019-04-24 */
    if( strcmp(zAgent,
            "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 "
            "(KHTML, like Gecko) Chrome/50.0.2661.102 Safari/537.36")==0 ){
      Forbidden(251);  /* LOG: Disallowed user agent (20190424) */
    }
#endif
  }
#if 0
  if( zReferer ){
    static const char *azDisallow[] = {
      "skidrowcrack.com",
      "hoshiyuugi.tistory.com",
      "skidrowgames.net",