Blocked for Known malicious User-Agents

  • Resolved cakePlease

    (@cakeplease)


    3 years, 7 months ago

    Hello folks!
    I’m wondering if there’s a way to see what the user agent is, that are designated as malicious. I get these email notifications with this and would like more info to see if perhaps they are false positives or not. Any ideas? Can we whitelist some use agents?

    “Blocked for Known malicious User-Agents”

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Support wfphil

    (@wfphil)

    Hi @cakeplease

    We have recently started to block common malicious user agents that frequently perform brute force login attacks.

    We are only blocking two so far, neither of which should ever be real browsers.

    Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)

    Which is Internet Explorer 6 on Windows 2000, but without any of the additional metadata that invariably gets added on a real browser.

    And any user agent that misspells Mozilla as mozlila

    Do you have the exact UA strings for the 2 that you are blocking? i want to see if i can block those at the server level or CDN level before it even touches the site, in order to minimize server load.

    Plugin Support wfphil

    (@wfphil)

    Hi @ilovecake

    The exact user agent string for the first one is the same as in my last reply:

    Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)

    For the other one you can search your server raw access logs for user agents that contain mozlila instead of mozilla.

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Blocked for Known malicious User-Agents’ is closed to new replies.