Instead, Bad Behavior pioneered an HTTP fingerprinting approach. Instead of looking at the spam, we look at the spammer. Bad Behavior analyzes the HTTP headers, IP address, and other metadata regarding the request to determine if it is spammy or malicious. This approach has proved, as one user said, “shockingly effective.” After all, spammers write their bots on the cheap, and have little incentive to code very well. If they could code very well, they probably wouldn’t be spammers.
Ran across a blog "protected" by this today. Pretty liberal use of the word "fingerprint." It doesn't even check if the "Accept" header value is valid for a given "User-Agent" header. In fact, base bones all you need is:
GET / HTTP/1.1
Accept: */*
Host: [host]
blog.xmpp.org uses this so you can play with any HTTP editor. Bad Behavior Anti-bot Screener not very good |