I have been seeing a large number of hits with the following User-Agent string in my logs lately:
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.5) Gecko/20031007 Firebird/0.7
- Firebird hasn’t existed as a browser for a very long time
- A build date of October 7, 2003???
- From 3 separate IP Addresses
This Apache REWRITE rule took care of this issue.
RewriteCond %{HTTP_USER_AGENT} .*Gecko\/20031007.*
RewriteRule ^.*$ http://www.pierzchala.com:9080/ [R,L,NS]
Try the URL…it points to this iptables rule.
/sbin/iptables -A INPUT -p tcp -i eth0 -s 0/0 --dport 9080 -j DROP
I love Linux!
Leave a Reply