Bork-Edition User Agent


Opera User Agent “Bork-Edition”

bork-edition spam bot iconHave you seen Bork-edition user agent strings? Wondered what browser uses this string? Maybe noticed nearly all traffic to your site with Bork edition in the user agent string is spam and hacking attempts. User agents with Bork-edition are considered by at least one writer among the top 10 spam bots that must be blocked.

There’s several user agents which on first glance look harmless e.g. user agent string Mozilla/4.0 (compatible; MSIE 6.0; MSIE 5.5; Windows NT 5.0) Opera 7.02 Bork-edition [en]

Looks like it’s Internet Explorer doesn’t it… Look closer, it’s also Opera 7.02 – and at the end you find Bork-edition [en]

Bork-Edition UA a Bad Version of Opera 7.02

Opera Software released a version of it’s browser that behaves differently when visiting MSN.

Users accessing the MSN site will see the page transformed into the language of the famous Swedish Chef from the Muppet Show: Bork, Bork, Bork! Read more

This special version of Opera 7.02 uses the Bork-edition string in the browser ID.

This seems no more than one bad response to another bad action. Opera claims this was in response to MSN messing around with visitors to the website who used the Opera browser.

Bad behaviour by MSN – but not surprising – their bots; Bing and SearchMSN have become flagrant rule-breakers, constantly ignoring robots.txt and over-crawling websites.

Not the Whole Bork-edition Story

But it’s not the whole story. Bork-edition user agents were first seen coming from Russia and former Eastern European Soviet satellite states – a major source of spammers, botnets and hacker bots).

Webmaster who keep an eye on user agents will find a large percent of visits to their site where bad activity is seen – spam comments, spam registrations, spam bots and hacking attempts – will often see the Bork-edition UA in Project Honeypot IP records, even if the attack or spam attempt at that time didn’t use it.

It’s nearly always at the very top of the list of detected user agents – indicating this ID string was seen by honeypots traps more than any other.

Ban the Bork-edition Browser ID

Join the Ban the Bork movement 🙂 and ban any user agent with this in the UA string. Ban the host IP as well. Ban their hostname too. Many of the sources of Bork-edition bad activity is traceable to bad hosts.

So you may lose a bit of traffic from innocent visitors. However there are probably very few humans still using this corrupted Opera browser version.

If enough of us ban bad hosts, bad hosts may lose customers, forcing them to clean up their acts (hopefully but unlikely as there are always hackers and spammers out there looking for a host who let’s them do what they want).

The point is, we need to protect our sites, and our customers sites from bad activity. Banning the Bork-edition user agent, along with other known malicious browser agents, is another preventative measure, even if it’s small.

Lot’s of small measures add up however. There’s no single solution to web security, so we need to use every tool we have to ban the bad guys.

Advertisements

About Mike

Web Developer and Techno-geek Saltwater fishing nut Blogger

Posted on September 17, 2013, in Spam and tagged , , , , , , , . Bookmark the permalink. Leave a comment.

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: