Reduce drone spam

2008-12-29

Do you see a lot of hits in your access log like these?

/index.php?option=http://myfamily.yoll.net/index.htm?
/index.php?a=http://one.xthost.info/myfamily/index.htm?
/index.php?action=http://babycaleb.fortunecity.co.uk/picture.htm?

Then your website is a targeted by drones, websites or computers that have been infected by the same virus that simply tries to infect other websites by the same virus. It (rather succesfully) accomplishes this by attempting to exploit well known security breaches in popular software. CMS's like Joomla, Drupal or Wordpress and popular forums like PHPBB and VBulletin have default URL structures that are easily recognized.

All a drone has to do is google for such a structure and attempt to apply the exploit to the url's found. When working in a botnet, the url is passed on to other bots so they can try as well (you often see the same remote URL attempted several times).

So, how do you prevent this annoying drone spam? Easy! Mask your URL. Go with SEO, but if you don't want to, just change the PHP variables. Don't use variables like a= action= page= option= etc, but use fresh variables (or, even better, no clear variables at all).

The old qfox.nl website used simple one-character PHP variables for several actions. Unclear for hte user, clear for me. But it got targeted by drones. A lot.

After the new version (you're currently looking at it) and implementing some SEO stuff, the spam died. Really fast!

Now I get a lost hit like once a month on this site.

So a possible solution to get rid of drone spam is to change the format of the URL of your website :)