Robots, SPAM bots, Worms and other tweaks

Discussion in 'Apache' started by abuzant, Dec 9, 2005.

  1. #1
    Hello,

    Try this in your httpd.conf file, that should do the work, great!
    I will be sorry for one thing only, explaining it all.. i reeeaalllyy do not have the time.

    Hope this will be of a great help for some of you, if not all ;)

    
    #######----------------------------------------------------------------------------------------------#######
    #
    #    mod_rewrite VIRTUAL MULTI DOMAIN HOSTING TODO: IF/THEN CODE
    #
    #######----------------------------------------------------------------------------------------------#######
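    # Split logging: any request tagged "dontlog" below is left out of every
    # CustomLog in this file that carries env=!dontlog.
    #
    # NOTE(review): the first group looks like the IIS-targeted worm/scanner
    # probes of the Code Red / Nimda era (root.exe, cmd.exe, default.ida, ...).
    # Dropping them keeps the access log quiet, but it also drops the record of
    # which hosts are scanning this server. If that record matters for incident
    # response, tag these requests with a separate variable and write them to
    # their own log file instead of discarding them.
    SetEnvIf Request_URI "^/MSADC/" dontlog
    SetEnvIf Request_URI "^/msadc/" dontlog
    SetEnvIf Request_URI "^/scripts/" dontlog
    SetEnvIf Request_URI "^/c/" dontlog
    SetEnvIf Request_URI "^/d/" dontlog
    SetEnvIf Request_URI "^/_vti_bin/" dontlog
    SetEnvIf Request_URI "^/_mem_bin/" dontlog
    # Literal dots are escaped so that "." no longer matches any character.
    SetEnvIf Request_URI "^/default\.ida" dontlog
    SetEnvIf Request_URI "^/NULL\.printer" dontlog
    SetEnvIf Request_URI "^/nsiislog\.dll" dontlog
    SetEnvIf Request_URI "^/Admin\.dll" dontlog
    SetEnvIf Request_URI "^/root\.exe" dontlog
    # The original listed this cmd.exe rule twice; once is enough.
    SetEnvIf Request_URI "^/cmd\.exe" dontlog

    # Static assets. The dot is escaped and the pattern is anchored at the end of
    # the path: an unescaped, unanchored ".gif" also silences any path that merely
    # contains those letters (for example /x/gifts.php), which hides real requests.
    SetEnvIf Request_URI "^/favicon\.ico" dontlog
    SetEnvIf Request_URI "\.gif$" dontlog
    SetEnvIf Request_URI "\.jpg$" dontlog
    SetEnvIf Request_URI "\.png$" dontlog

    # Referer filters. The first pattern is now quoted on both sides; the original
    # had only a closing quote, which made the quote character part of the regex.
    # NOTE(review): "(localhost)" looks like a stand-in for the site's own domain,
    # and "(www?)" matches "ww" as well as "www" - confirm both before use.
    # Referer is supplied by the client, so these two rules let a request keep
    # itself out of the logs through its own header value; keep them only if that
    # is acceptable for this server.
    SetEnvIfNoCase Referer "http(s?)://(www?)\.(.*)\.(localhost)/(.*)" dontlog
    SetEnvIfNoCase Referer "^XXXX:\.(.*)" dontlog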
    ## Byte-accounting access log, written only when mod_logio is loaded.
    ## %I and %O are the bytes received and sent for the request, as counted by
    ## mod_logio. Requests tagged "dontlog" are skipped.
    ## Note: the mod_log_config section of this file writes the same requests to
    ## apache_access.log, so with both modules loaded each hit is logged twice.
    <IfModule mod_logio.c>
        LogFormat "%{Host}i %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
        CustomLog "/var/logs/apache_access_logIO.log" combinedio env=!dontlog
    </IfModule>
    ## Compression-ratio log, written only when mod_deflate is loaded.
    <IfModule mod_deflate.c>
        # Expose the uncompressed size, compressed size and ratio as request
        # notes so that the LogFormat below can print them with %{...}n.
        DeflateFilterNote Input instream
        DeflateFilterNote Output outstream
        DeflateFilterNote Ratio ratio

        # One line per request: host header, request line, out/in bytes, ratio.
        LogFormat "%{Host}i - %r - %{outstream}n/%{instream}n - (%{ratio}n%%)" deflate
        CustomLog "/var/logs/apache_deflate.log" deflate env=!dontlog
    </IfModule>
    ## Main access log (mod_log_config).
    <IfModule mod_log_config.c>
        # "combined" is defined here as the usual combined fields with the request's
        # Host header prepended, so tools that expect the stock combined layout will
        # see one extra leading field.
        # %{Host}i is copied from the request and is therefore client-supplied text;
        # do not treat it as the name of the virtual host that served the request.
        LogFormat "%{Host}i %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\"" combined

        # Everything that was not tagged "dontlog" goes to the main access log.
        CustomLog "/var/logs/apache_access.log" combined env=!dontlog
    </IfModule>
    ## Extra per-purpose logs and client workarounds (mod_setenvif).
    ## The CustomLog lines here use the "combined" nickname, which the
    ## mod_log_config section of this file defines.
    <IfModule mod_setenvif.c>
        ## Requests for robots.txt get their own log file.
        SetEnvIf Request_URI "^/robots\.txt$" robots
        CustomLog "/var/logs/apache_robots.log" combined env=robots

        ## If an earlier rule already tagged the request "dontlog", clear "robots" again.
        SetEnvIf dontlog 1 !robots

        ## Protocol workarounds for old or non-conforming clients. The variables set
        ## here (nokeepalive, downgrade-1.0, force-response-1.0, redirect-carefully)
        ## are Apache's special-purpose environment variables.
        BrowserMatch "Mozilla/2" nokeepalive
        BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0
        BrowserMatch "RealPlayer 4\.0" force-response-1.0
        BrowserMatch "Java/1\.0" force-response-1.0
        BrowserMatch "JDK/1\.0" force-response-1.0
        BrowserMatch "Microsoft Data Access Internet Publishing Provider" redirect-carefully
        BrowserMatch "^WebDrive" redirect-carefully
        BrowserMatch "^WebDAVFS/1.[012]" redirect-carefully
        BrowserMatch "^gnome-vfs" redirect-carefully

        ## User-Agent prefixes treated as address harvesters. Each match sets
        ## spambot=true, which is then turned into the "spambots" flag used for logging.
        ## These rules only LOG the request; nothing here denies access. User-Agent is
        ## chosen by the client, so the list catches only tools that announce
        ## themselves, and a broad prefix such as "^Mail" can also tag harmless clients.
        ## "\d" is a Perl-style escape and needs the PCRE engine of Apache 2.x.
        BrowserMatch "^fastlwspider" spambot=true
        BrowserMatch "^findEmail" spambot=true
        BrowserMatch "^SurfWalker" spambot=true
        BrowserMatch "^Telesoft" spambot=true
        BrowserMatch "^Zeus.*Webster Pro" spambot=true
        BrowserMatch "^[DFPS]Surf\d\d[a-z]" spambot=true
        BrowserMatch "^[DFPS]Browse \d\.\d[a-z]" spambot=true
        BrowserMatch "^EmailSiphon" spambot=true
        BrowserMatch "^EmailWolf" spambot=true
        BrowserMatch "^ExtractorPro" spambot=true
        BrowserMatch "^CherryPicker" spambot=true
        BrowserMatch "^NICErsPRO" spambot=true
        BrowserMatch "^EmailCollector" spambot=true
        BrowserMatch "^Mail" spambot=true
        SetEnvIfNoCase spambot "true" spambots
        CustomLog "/var/logs/apache_spambots.log" combined env=spambots

        ## Compression workarounds for Netscape 4.x. MSIE also identifies itself as
        ## Mozilla/4, so the two restrictions are lifted again for it.
        ## NOTE(review): nothing in this listing switches compression on, so these
        ## matter only if a DEFLATE output filter is configured elsewhere - confirm.
        <IfModule mod_deflate.c>
            BrowserMatch ^Mozilla/4 gzip-only-text/html
            BrowserMatch ^Mozilla/4\.0[678] no-gzip
            BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
        </IfModule>
    </IfModule>
     
    
     
    abuzant, Dec 9, 2005 IP
  2. akrap

    #2
    that's not working.
     
    akrap, Mar 29, 2008 IP
  3. kmofo

    #3
    This should work on any apache version?
     
    kmofo, Apr 4, 2008 IP
  4. SSANZ

    #4
    Thank you for this :)
     
    SSANZ, Apr 7, 2008 IP
  5. baybossplaya

    #5
    looks good
     
    baybossplaya, Apr 19, 2008 IP
  6. amoona

    #6
    anyone knows whether it works or not?
     
    amoona, Jun 5, 2008 IP
  7. Yankee85

    #7
    Nice script!
     
    Yankee85, Jun 14, 2008 IP
  8. andyoudontstop

    #8
    would this code or something similar to it be useful in creation of subdomains?
     
    andyoudontstop, Jun 16, 2008 IP
  9. mateon3000

    #9
    does it apply to apache1 and/or apache2?

    Thanks,
     
    mateon3000, Mar 19, 2009 IP
  10. mudassar anwar

    #10
    same question from my side
     
    mudassar anwar, May 3, 2009 IP