wandenberg at gmail.com
Sun Sep 25 22:04:45 UTC 2016
Some time ago I wrote this module
check when an access is done through the Google Proxy using reverse DNS +
DNS resolve and comparing the results to validate the access.
You can do something similar.
On Sun, Sep 25, 2016 at 11:58 PM, lists at lazygranch.com <lists at lazygranch.com
> I got a spoofed googlebot hit. It was easy to detect since there were
> probably a hundred requests that triggered my hacker detection map
> scheme. Only two requests received a 200 return and both were harmless.
> 200 220.127.116.11 - - [25/Sep/2016:17:45:23 +0000] "GET / HTTP/1.1" 847
> "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.
> html)" "-"
> For the fake googlebot:
> # host 18.104.22.168
> Host 22.214.171.124.in-addr.arpa not found: 3(NXDOMAIN)
> For a real googlebot:
> # host 126.96.36.199
> 188.8.131.52.in-addr.arpa domain name pointer
> IP2location shows it is a Chinese ISP:
> Nginx has a reverse DNS module:
> I see it has a 10.1 issue:
> Presuming this bug gets fixed, does anyone have code to verify
> googlebots? Or some other method?
> nginx mailing list
> nginx at nginx.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the nginx