_____/ On Thu 13 Oct 2005 09:49:12 BST, [Andrew Beverley] wrote : \_____
A site of mine is under heavy attacks by zombies world-wide and it has been
getting much worse recently and is today (yesterday?) reaching
levels that put my hosting provider in jeopardy.
Referral URL's seem to be the good criterion for a filter to sort
out the mess. I see about 50 referring URL's, all of them are from
Tonga (*.to to > match), apart from a single German referral and one
from Cocos Islands (nokidding).
New referring URL's continue to be added as we speak, but not too quickly.
How do I write something to have Apache kill all requests based on referring
URL? Could somebody please work out what I need to add to .htaccess
in order to block the spammers?
I think mod_security is what you need: http://www.modsecurity.org/
It will scan all requests as they come into apache, and either pass
them through
to the HTTP engine itself, or just reject them. You can reject on a number of
different criteria, including referrer. For example you can set
SecFilterSelective "HTTP_REFERER" "buyviagra.com"
to block from buyviagra.com.
You will of course need to be able to install the module into apache
(unless it
is already installed) - I am not sure if you are able to do this if you are
buying a hosting package deal.
Andy Beverley
Thanks for the reply, Andy. I have already considered Bad Behaviour and
SpamValve, both of which were recommended by the WordPress hackers mailing
list. The problem is that in both cases, as is the case with
modsecurity.org, I
need root access.
I contacted my Web host last night and I am waiting for their reply. In
the mean
time, more machines get captured so the volume of zombies almost doubles every
day. This comes a day or two after a gang with 100,000 zombies was
uncovered in
Holland.
Cheers,
Roy
http://lists.manchester.ac.uk/mailman/listinfo/linux-users
|
|