I have been looking around and trying to work out the best way to protect a few websites of mine.
Appart from the obvious manual monitoring of the site logs and banning extreme/suspicious activity. I have seen many posts etc. about banning user agents. Is this a good route to go down? and would it be a better idea too, instead off banning known bad user agents, just allowing the common mainstream ones such as IE, FireFox, Safari and Chrome?
Not worth it.
The User Agent is sent by the client, and is trivial to forge. There’s a Firefox add-on that adds alternate UA options to the menu, for example. If the attacker is writing a script, he can specify whatever UA he wants.
Leave a comment
- Is there a way for administrators to disable users from installing Firefox extensions?
- Is there research material on NTP accuracy available?
- How to create a limited “domain admin” that does not have access to domain controllers?
- Can Windows RDC admin users be immune from being kicked?
- Domain Administrators account policy (After PCI audit)