Should I Block Bot With Empty User-Agents

I got some click-bombing attacks on my site and the bots that made the attacks have this user agent: “-” . I also have heard that empty user agent as well may be a bad boot. But I am not sure will denying access to visitors with empty user agent may as well block some legitimate users.

So I use this rewrite condition to block both users with blank and “-” user agent:


RewriteCond %{HTTP_USER_AGENT} ^-?$
RewriteRule ^ - [F]

Are there normal visitors that have the blank user agent? I guess all bots with “-” are bad.

stormy,

The {HTTP_USER_AGENT} is notoriously unreliable but few legitimate users would even think to modify it so, if you’re having problems with blank or “-” as a user agent, go ahead and block. However, I’d change your start anchor only to .? (anything) to guarantee a match.

Regards,

DK

Thanks. If i do not modify it, it will only match this user agent “-”. If so, this is everything I need.

I worry because maybe Google image bot and probably few other “good” bots have Blank User {HTTP_USER_AGENT}.

Stormy,

No, Google is smart enough to call their bot Googlebot which has a lot of hackers using the same moniker to spoof websites.

Regards,

DK