Access log question for spam bot

Hi, I'm trying to learn more about log analysis and thought my spam bot problem may be a good reason to dig in.

First, does the following log entry below mean: X IP connected at X time, did a POST which was redirected by X site and they're using one of these browsers, page took 1.031 seconds to load?

103.143.77.149 - - [06/Feb/2022:21:00:25 +0000] "POST / HTTP/1.1" 302 223 "https://www.mywebsiteatpythonanywhere.com/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.133 Safari/537.36" "103.143.77.149" response-time=1.031

On the spam bot: I was able to convert my timezone to GMT from the email that came through the form to find the log entry. Basically the email is how I detected the bot and then found the log entry.

Is there a better way to parse the log to find spammy traffic and analyze it?

My approach(es) to killing the spam bot:

1) Put a hidden field with CSS or JS and don't let Flask send email if the field is filled out
2) Double opt-in
3) Page load to submit time analysis
4) Use a WAF

You could enable some reCAPTCHA mechanism on your web app as well.
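
One way to approach the log-parsing question, as an added example that is not part of the original thread: a Python parser for the log format quoted above, plus a check that flags form POSTs with no earlier GET from the same IP or submitted very soon after it. The function names, the `form_path` and `min_fill_seconds` parameters, and every sample line except the first are assumptions made for illustration.

```python
import re
from datetime import datetime

# Field layout taken from the log entry quoted in the question.
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+) '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)" "(?P<fwd>[^"]*)" '
    r'response-time=(?P<rt>[\d.]+)'
)

def parse_line(line):
    """Return a dict of fields, or None if the line does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    rec["status"] = int(rec["status"])
    rec["rt"] = float(rec["rt"])
    return rec

def suspicious_posts(lines, form_path="/", min_fill_seconds=3):
    """Flag POSTs to form_path that have no earlier GET from the same IP,
    or that arrive less than min_fill_seconds after that GET.
    Assumes lines are in chronological order, as access logs are."""
    last_get, flagged = {}, []
    for rec in filter(None, map(parse_line, lines)):
        if rec["path"] != form_path:
            continue
        if rec["method"] == "GET":
            last_get[rec["ip"]] = rec["ts"]
        elif rec["method"] == "POST":
            seen = last_get.get(rec["ip"])
            if seen is None:
                flagged.append((rec["ip"], rec["ts"], "POST without prior GET"))
            elif (rec["ts"] - seen).total_seconds() < min_fill_seconds:
                flagged.append((rec["ip"], rec["ts"], "form submitted too fast"))
    return flagged

# First line is the entry from the question; the others are constructed samples.
SAMPLE = [
    '103.143.77.149 - - [06/Feb/2022:21:00:25 +0000] "POST / HTTP/1.1" 302 223 "https://www.mywebsiteatpythonanywhere.com/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.133 Safari/537.36" "103.143.77.149" response-time=1.031',
    '203.0.113.7 - - [06/Feb/2022:21:05:00 +0000] "GET / HTTP/1.1" 200 5120 "-" "ExampleBrowser/1.0" "203.0.113.7" response-time=0.120',
    '203.0.113.7 - - [06/Feb/2022:21:05:40 +0000] "POST / HTTP/1.1" 302 223 "-" "ExampleBrowser/1.0" "203.0.113.7" response-time=0.900',
    '198.51.100.9 - - [06/Feb/2022:21:06:00 +0000] "GET / HTTP/1.1" 200 5120 "-" "ExampleBot/0.1" "198.51.100.9" response-time=0.100',
    '198.51.100.9 - - [06/Feb/2022:21:06:01 +0000] "POST / HTTP/1.1" 302 223 "-" "ExampleBot/0.1" "198.51.100.9" response-time=0.800',
]
```

A flagged entry is a lead to review rather than proof of a bot: a visitor whose GET fell in an earlier log file, or several users behind one shared IP, can trip either rule.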