The spambot in question used the following user-agent:
Mozilla/3.0 (compatible; Indy Library)
and apparently is the user-agent string sent out by an email harvesting bot which mostly seems to operate from IP addresses in China.Here is a mod_rewrite rule to return a tiny response that minimises the impact of this bot:
#Enable mod_rewrite
RewriteEngine On
#Apply the rule below if the following condition is met
#Test if the HTTP user-agent header contains the substring "Indy Library"
RewriteCond %{HTTP_USER_AGENT} ^.*Indy\ Library.*$
#Apply the rule if the request matches .* (anything)
#- (minus sign) means do not substitute the URL (no need as we are relying on the ErrorDocument)
#F means return HTTP code 403 (Forbidden)
#L means this is the last rule so stop processing
RewriteRule .* - [F,L]
#Custom handler for error 403 (Forbidden)
#The single quote means return the literal string rather than a named page
ErrorDocument 403 "No
RewriteEngine On
#Apply the rule below if the following condition is met
#Test if the HTTP user-agent header contains the substring "Indy Library"
RewriteCond %{HTTP_USER_AGENT} ^.*Indy\ Library.*$
#Apply the rule if the request matches .* (anything)
#- (minus sign) means do not substitute the URL (no need as we are relying on the ErrorDocument)
#F means return HTTP code 403 (Forbidden)
#L means this is the last rule so stop processing
RewriteRule .* - [F,L]
#Custom handler for error 403 (Forbidden)
#The single quote means return the literal string rather than a named page
ErrorDocument 403 "No
If the Indy Library spambot hits my website it will receive a 2 byte response "No".