自分自身のための ものづくり / 自分自身のためのものづくりメモ

突っ込みなどがありましたら掲示板にお願いします。

* RandomNoteの敵はspam投稿用クローラ

#RandomNote #掲示板spam対策 #Web

2007/09/23

 久々に、RandomNoteをspam投稿ロボットが引っかき回していった。
 対策が必要とは思ってるのだけど、たまにしかないし、投稿その物はBASIC認証で弾かれるしで、面倒なので1年以上放置してる。

 後述のような感じで、2時間半にわたり、GETとPOST合わせて800回以上のアクセスを行う酷いロボットだった。
 401で弾かれているのに延々と試行するのは無駄で、馬鹿なプログラムだと思う。ふつー、エラーが出たらとっととあきらめて他の無防備なBBSとかblogとかWikiを探すよう組むと思う。


2007/09/23,00:37:03,"-",GET,"/WiKi/rnx/index.rb","1164986317.txt","1.1",200,38051,"http://google.com","","Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)"
2007/09/23,00:37:03,"-",POST,"/WiKi/rnx/index.rb","","1.1",401,483,"http://google.com","","Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)"
2007/09/23,00:37:08,"-",GET,"/WiKi/rnx/index.rb","1164986317.txt","1.1",200,37743,"http://google.com","","Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)"
2007/09/23,00:37:14,"-",GET,"/WiKi/rnx/index.rb","1164986317.txt","1.1",200,37442,"http://google.com","","Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)"
2007/09/23,00:37:15,"-",POST,"/WiKi/rnx/index.rb","","1.1",401,483,"http://google.com","","Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)"
2007/09/23,00:37:24,"-",GET,"/WiKi/rnx/index.rb","1164986317.txt","1.1",200,37442,"http://google.com","","Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)"
2007/09/23,00:37:47,"-",GET,"/WiKi/rnx/index.rb","1164986317.txt","1.1",200,37442,"http://google.com","","Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)"
2007/09/23,00:37:51,"-",POST,"/WiKi/rnx/index.rb","","1.1",401,483,"http://google.com","","Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)"
(中略)
2007/09/23,03:12:54,"-",GET,"/WiKi/rnx/index.rb","cmd=search&word=#Web&smode=sum","1.1",200,63285,"http://google.com","","Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)"
2007/09/23,03:13:25,"-",POST,"/WiKi/rnx/","","1.1",401,483,"http://google.com","","Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)"
2007/09/23,03:13:51,"-",GET,"/WiKi/rnx/index.rb","cmd=search&word=#Web&smode=sum","1.1",200,63285,"http://google.com","","Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)"
2007/09/23,03:14:12,"-",GET,"/WiKi/rnx/index.rb","cmd=search&word=#Web&smode=sum","1.1",200,63285,"http://google.com","","Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)"
2007/09/23,03:14:24,"-",POST,"/WiKi/rnx/","","1.1",401,483,"http://google.com","","Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)"
2007/09/23,03:14:29,"-",GET,"/WiKi/rnx/index.rb","cmd=search&word=#Web&smode=sum","1.1",200,28790,"http://google.com","","Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)"
2007/09/23,03:14:33,"-",GET,"/WiKi/rnx/index.rb","cmd=search&word=#Web&smode=sum","1.1",200,63285,"http://google.com","","Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)"
2007/09/23,03:14:49,"-",GET,"/WiKi/rnx/index.rb","cmd=search&word=#Web&smode=sum","1.1",200,63285,"http://google.com","","Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)"
2007/09/23,03:15:11,"-",GET,"/WiKi/rnx/","","1.1",200,56291,"http://google.com","","Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)"



2006/11/28

 また、なんかspam投稿ロボットがRandomNoteの検索履歴を引っかき回していった。やっぱ、なんか対策しないとダメだな。

 ログを見るとこんなので、
2006/11/27,18:34:00,69.50.189.90,"69-50-189-90.esthost.com","-","-",GET,"/WiKi/rnx/index.rb","1141224967.txt"
2006/11/27,18:34:01,69.50.189.90,"69-50-189-90.esthost.com","-","-",GET,"/WiKi/rnx/index.rb",""
2006/11/27,18:34:02,69.50.189.90,"69-50-189-90.esthost.com","-","-",GET,"/WiKi/rnx/index.rb","cmd=random"
2006/11/27,18:34:03,69.50.189.90,"69-50-189-90.esthost.com","-","-",GET,"/WiKi/rnx/index.rb","cmd=edit"
2006/11/27,18:34:04,69.50.189.90,"69-50-189-90.esthost.com","-","-",GET,"/WiKi/rnx/index.rb","rss"
2006/11/27,18:34:09,69.50.189.90,"69-50-189-90.esthost.com","-","-",GET,"/WiKi/rnx/index.rb","cmd=referer"
2006/11/27,18:34:10,69.50.189.90,"69-50-189-90.esthost.com","-","-",GET,"/WiKi/rnx/index.rb","cmd=change_log"
どうやら、HTMLデータの最初から順にたぐっているようだ。
参考:本RandomNoteのソース冒頭
<body>
<div class="head">
<div class="menu">
<a class="self" href="index.rb" ><span class="menu_btn">all</span></a>
<a class="self" href="index.rb?cmd=random" ><span class="menu_btn">random</span></a>
<a class="self" href="index.rb?cmd=edit" ><span class="menu_btn">create</span></a>
<a class="self" href="index.rb?rss" ><span class="menu_btn">RSS</span></a>
<a class="self" href="index.rb?cmd=referer" ><span class="menu_btn">referer</span></a>
<a class="self" href="index.rb?cmd=change_log" ><span class="menu_btn">change_log</span></a>
</div>

 先頭のあたりにdisplay:noneにした隠しリンクを2つ置いて、それらに短い時間間隔でアクセスしたら悪質なロボットとして出入り禁止にするか?


create : 2006/11/28 (Tue)
update : 2007/09/23 (Sun)