Documentation Source Text

Check-in [4e3b689944]
Login

Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.

Overview
Comment:The attack that the previous check-in sought to mitigate has stopped. So comment-out the change of the previous check-in.
Timelines: family | ancestors | descendants | both | trunk
Files: files | file ages | folders
SHA3-256: 4e3b689944b0622317e6df898fdcaab27744b5b771a485b010f22eee619633ae
User & Date: drh 2019-04-24 19:28:38
Context
2019-04-27
11:27
Fix a typo in althttpd.c - restore the behavior of index.cgi. check-in: 8cda91e897 user: drh tags: trunk
2019-04-24
19:28
The attack that the previous check-in sought to mitigate has stopped. So comment-out the change of the previous check-in. check-in: 4e3b689944 user: drh tags: trunk
17:18
In althttpd.c, disallow a single particular user-agent string that is recently appearing in spider attacks. check-in: 01c0f297c1 user: drh tags: trunk
Changes
Hide Diffs Side-by-Side Diffs Ignore Whitespace Patch

Changes to misc/althttpd.c.

  1715   1715        || strstr(zAgent, "Download_Master")!=0
  1716   1716        || strstr(zAgent, "Ezooms/")!=0
  1717   1717        || strstr(zAgent, "HTTrack")!=0
  1718   1718        || strstr(zAgent, "AhrefsBot")!=0
  1719   1719       ){
  1720   1720         Forbidden(250);  /* LOG: Disallowed user agent */
  1721   1721       }
         1722  +#if 0
  1722   1723       /* Spider attack from 2019-04-24 */
  1723   1724       if( strcmp(zAgent,
  1724   1725               "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 "
  1725   1726               "(KHTML, like Gecko) Chrome/50.0.2661.102 Safari/537.36")==0 ){
  1726   1727         Forbidden(251);  /* LOG: Disallowed user agent (20190424) */
  1727   1728       }
         1729  +#endif
  1728   1730     }
  1729   1731   #if 0
  1730   1732     if( zReferer ){
  1731   1733       static const char *azDisallow[] = {
  1732   1734         "skidrowcrack.com",
  1733   1735         "hoshiyuugi.tistory.com",
  1734   1736         "skidrowgames.net",