The following user agent blacklist is taken from the same "Bad Behavior" spam bot blocker that is used by my Netquery utility. It is intended for the assistance of fellow site administrators and others who may wish to tighten their web site security without installing that utility. It can be used, for example, in .htaccess matching and rejection of unwanted user agents. A file containing preformatted regular expression rewrite conditions and rules for that purpose may be downloaded here.
| Blacklisted user agent strings that occur at the beginning of the line | |
|---|---|
| User agent string | Malicious exploit |
| <sc | XSS exploit attempts |
| 8484 Boston Project | video poker/porn spam |
| adwords | referrer spam |
| autoemailspider | spam harvester |
| blogsearchbot-martin | from honeypot |
| CherryPicker | spam harvester |
| core-project/ | FrontPage extension exploits |
| Diamond | delivers spyware/adware |
| Digger | spam harvester |
| ecollector | spam harvester |
| EmailCollector | spam harvester |
| Email Siphon | spam harvester |
| EmailSiphon | spam harvester |
| grub crawler | misc comment/email spam |
| HttpProxy | misc comment/email spam |
| Internet Explorer | XMLRPC exploits seen |
| ISC Systems iRc | spam harvester |
| Jakarta Commons | custommised spambots |
| Java 1. | definitely a spammer |
| Java/1. | definitely a spammer |
| libwww-perl | spambot scripts |
| LWP | spambot scripts |
| Microsoft URL | spam harvester |
| Missigua | spam harvester |
| MJ12bot/v1.0.8 | malicious botnet |
| Movable Type | customised spambots |
| Mozilla' ' | malicious software |
| Mozilla/2 | malicious software |
| Mozilla/4.0( | from honeypot |
| Mozilla/4.0+( | suspicious harvester |
| MSIE | malicious software |
| NutchCVS | unidentified robots |
| Nutscrape/ | misc comment spam |
| OmniExplorer | spam harvester |
| psycheclone | spam harvester |
| PussyCat | misc comment spam |
| PycURL | misc comment spam |
| Super Happy Fun | spam harvester |
| TrackBack/ | trackback spam |
| user | suspicious harvester |
| User Agent: | spam harvester |
| User-Agent: | spam harvester |
| WebSite-X Suite | misc comment spam |
| Winnie Poh | Automated Coppermine hacks |
| Wordpress | malicious software |
| " | malicious software |
| Blacklisted user agent strings that occur anywhere within the line | |
| User agent string | Malicious exploit |
| \r | A really dumb bot |
| ; Widows | misc comment/email spam |
| a href= | referrer spam |
| compatible ; MSIE | misc comment/email spam |
| compatible- | misc comment/email spam |
| DTS Agent | misc comment/email spam |
| Email Extractor | spam harvester |
| Gecko/25 | revisit this in 500 years |
| grub-client | search engine ignores robots.txt |
| hanzoweb | very badly behaved crawler |
| Indy Library | misc comment/email spam |
| larbin@unspecified | stealth harvesters |
| Murzillo compatible | comment spam bot |
| .NET CLR 1) | free poker, etc. |
| POE-Component-Client | free poker, etc. |
| Turing Machine | www.anonymizer.com abuse |
| User-agent: | spam harvester/splogger |
| WebaltBot | spam harvester |
| WISEbot | spam harvester |
| WISEnutbot | spam harvester |
| Windows NT 4.0;) | wikispam bot |
| Windows NT 5.0;) | wikispam bot |
| Windows NT 5.1;) | wikispam bot |
| Windows XP 5 | spam harvester |
| WordPress/4.01 | pingback spam |
| \\) | spam harvester |
| Regular expression matches for some other blacklisted strings | |
| User agent string | Malicious exploit |
| /^[A-Z]{10}$/ | misc email spam |
| /[bcdfghjklmnpqrstvwxz ]{8,}/ | from spamassassin |