Empty user-agent

Empty user-agents are not blocked using the iTSec plugin “Ban Users” feature “Ban User Agents” part.

Instead enable the “Reduce Comment Spam” checkbox in the WordPress Tweaks section.

This will add the following lines to the .htaccess file:

# Rules to help reduce spam
RewriteCond %{REQUEST_METHOD} POST
RewriteCond %{REQUEST_URI} ^(.*)wp-comments-post\.php*
RewriteCond %{HTTP_REFERER} !^(.*)dbrijnmond-23.nl.*
RewriteCond %{HTTP_REFERER} !^https://jetpack\.wordpress\.com/jetpack-comment/ [OR]
RewriteCond %{HTTP_USER_AGENT} ^$
RewriteRule ^(.*)$ – [F]

The 2 bold lines will block empty user agents.

If the above info answers your question please mark this topic as ‘resolved’.

dwinden

I’ve pasted in a small part of my one .htaccess file. Would the bold lines be placed correctly or should there be an [OR] somewhere. Just not sure where to place it. Thanks so much for your help dwinden!

RewriteCond %{HTTP_USER_AGENT} ^WWWOFFLE [OR]
RewriteCond %{HTTP_USER_AGENT} ^Xaldon\ WebSpider [OR]
RewriteCond %{HTTP_USER_AGENT} ^Zeus [OR]
RewriteCond %{HTTP_USER_AGENT} ^$
RewriteRule ^(.*)$ – [F]

Nevermind. I found the feature in Wordfence. It worked during a real time attack. The trick was to remove the deprecated Brute Protect plugin which returned a Status 403 but allowed the IP to keep hammering on one of our sites. I removed Brute Protect then, enabled
Block IP’s who send POST requests with blank User-Agent and Referer
In Wordfence Options. Problem solved.

Ooops, forgot to hit resolved.

It looks fine. Just add the NC flag like this and make sure to turn the RewriteEngine on (it might already be included in your .htaccess):

RewriteEngine on
RewriteCond %{HTTP_USER_AGENT} ^WWWOFFLE [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Xaldon\ WebSpider [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Zeus [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^$
RewriteRule ^(.*)$ – [F]

[NC] = tells Apache to treat this rule as case-insensitive.

dwinden