alaz/legitbot

iMessageBot

inspire22 opened this issue · 1 comments

I'm getting a lot of hits like this that are being blocked by my rack-attack setup as you suggest:

E, [2022-02-03T06:53:01.889058 #1133986] ERROR -- : blocklist 47.155.9.106 GET / "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_1) AppleWebKit/601.2.4 (KHTML, like Gecko) Version/9.0.1 Safari/601.2.4 facebookexternalhit/1.1 Facebot Twitterbot/1.0"

Not sure how to get the proper list of IPs it's using? Here's ones I've seen:

.. and probably more, it's a lot of IPs

Here's an article about it
https://medium.com/@siggi/apples-imessage-impersonates-twitter-facebook-bots-when-scraping-cef85b2cbb7d

alaz commented

In my opinion, the article puts it right –

I hope Apple takes steps to be a better internet citizen and tack some iMessage identifier to the end of their user agent string in a future software update.

Meanwhile, you could check for this User Agent and skip the Legitbot call, if you want. Beware that malicious actors will eventually use this same User Agent to access web sites, if they don't already.
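
A sketch of the check suggested in the comment above, added here as an example and not taken from the thread or from Legitbot. The method names, the `verifier` callable standing in for the bot lookup, and the address range are all constructed assumptions; the sample User Agent is the one from the log line in the issue.

```ruby
require 'ipaddr'

# Safari-on-macOS string carrying all three crawler tokens, as in the issue's log line.
PREVIEW_TOKENS = ['facebookexternalhit/', 'Facebot', 'Twitterbot/'].freeze

def imessage_preview_ua?(user_agent)
  ua = user_agent.to_s
  ua.include?('Macintosh; Intel Mac OS X') && ua.include?('Safari/') &&
    PREVIEW_TOKENS.all? { |token| ua.include?(token) }
end

# verifier: callable (user_agent, ip) -> :valid, :fake or nil. Hypothetical
# stand-in for the bot lookup; not Legitbot's API.
def classify(user_agent, ip, verifier)
  # The string is trivially spoofable, so a match only skips verification;
  # it never earns crawler privileges.
  return :unverified_preview if imessage_preview_ua?(user_agent)

  case verifier.call(user_agent, ip)
  when :valid then :verified_bot
  when :fake then :fake_bot
  else :ordinary
  end
end

# Predicate a blocklist rule could use: block only proven impostors.
def blocklist?(user_agent, ip, verifier)
  classify(user_agent, ip, verifier) == :fake_bot
end

# Constructed verifier: "Twitterbot" is genuine only from a made-up range.
CRAWLER_RANGE = IPAddr.new('192.0.2.0/24')
SAMPLE_VERIFIER = lambda do |ua, ip|
  next nil unless ua.include?('Twitterbot/')
  CRAWLER_RANGE.include?(IPAddr.new(ip)) ? :valid : :fake
end

if __FILE__ == $PROGRAM_NAME
  preview = 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_1) AppleWebKit/601.2.4 ' \
            '(KHTML, like Gecko) Version/9.0.1 Safari/601.2.4 ' \
            'facebookexternalhit/1.1 Facebot Twitterbot/1.0'
  p classify(preview, '203.0.113.7', SAMPLE_VERIFIER)
  p classify('Twitterbot/1.0', '203.0.113.7', SAMPLE_VERIFIER)
  p classify('Twitterbot/1.0', '192.0.2.10', SAMPLE_VERIFIER)
end
```

Requests classified as `:unverified_preview` should fall through to whatever throttling applies to ordinary visitors, since anyone can send that string.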