Re: [tlug] Blocking unknown and unclear bots

["eredicatorx@example.com" <eredicatorx@example.com>]

On 02/23/2010 07:37 PM, Stephen J. Turnbull wrote:
> Curt Sampson writes:
>
>   >  I don't understand. So if a "good" bot and a "bad" bot swop IP
>   >  addresses, you start blocking the (presumably ex-) "good" bot, and now
>   >  allow the (presumably ex-) "bad" bot?
>
> Yup.  I have a couple of correspondents with addresses in the
> 163.com domain. :-)  And of course there's always the potential issue
> with new ISPs that their IP block used to harbor spammers, and once it
> was blacklisted enough, the spammers sold it on.
>
>
>    
So with that in mind,
What we are saying is a good bot is looking for content, a bad bot is 
looking for exploits.

How would one sensor a bot based on these kind of queries it makes?

A brief example is all I am looking for. Frequently Drupal becomes 
vulnerable to Cross Site Scripting attacks, and if I found a bot that 
was searching for that, how would I stop, delay or other wise thwart 
their evil.

The obvious answer is patch the system, but with zero day exploits, a 
patch may not yet be available.

E./