
Re: [Urgent] Apache Help

__/ [John Bokma] on Thursday 13 October 2005 07:13 \__

> Roy Schestowitz <newsgroups@xxxxxxxxxxxxxxx> wrote:
> 
>> My site has come under heavy attacks by infected machines world-wide
>> (no idea why they chose me). It has been getting worse for the past
>> week or so and is now reaching levels that put my hosting provider in
>> jeopardy.
>> 
>> The referrer seems to be a good criterion for filtering. I see about
>> 50 referring URLs, all of them from Tonga (ending with the .to
>> suffix), apart from a single German referral and one from Cocos
>> Islands (I'm serious).
>> 
>> New referring URLs continue to be added as we speak, but not too
>> quickly.
>> 
>> How do I write something to have Apache {die} all requests based on
>> referring URL?
>> 
>> Help please... soon if possible...
> 
> RewriteEngine On
> RewriteCond %{HTTP_REFERER} \.to/
> RewriteRule .* - [F]
>
> gives everything with .to/ in the URL a Forbidden (untested)



Thanks, I'll try that. I don't know how to test this trivially, so I'll be
cautious.
 

 
> Other option, as mentioned before: block out REMOTE_ADDR based on country
> assigned blocks.
> 
> Also: check the USER_AGENT, maybe you can combine things.

It's always Windows machines as mentioned here:

http://the.taoofmac.com/space/blog/2005-10-07.19%3A18

Given the prevalence of Windows machines and/or IE, I don't think you can
use that as a discriminant without a tonnage of false positives.

Very grateful

Roy

-- 
Roy S. Schestowitz      | "Avoid missing ball for higher score"
http://Schestowitz.com  |    SuSE Linux    |     PGP-Key: 74572E8E
 10:55am  up 48 days 23:09,  3 users,  load average: 0.37, 0.53, 0.47
      http://iuron.com - next generation of search paradigms
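
Added example, not part of the original messages: a dry run of the quoted `RewriteCond` pattern over access-log lines, showing which requests the rule would forbid, which matches fall outside the referrer's host, and which `.to` referrers it would miss. The log lines, host names and the stricter host check are constructed assumptions; the log format assumed is Apache's "combined" format.

```python
import re
from urllib.parse import urlsplit

# Pattern exactly as posted in the thread (unanchored: ".to/" anywhere in the referrer).
THREAD_PATTERN = re.compile(r"\.to/")

# Apache "combined" format: ... "request" status bytes "referer" "user-agent"
COMBINED = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)

def host_is_to(referer):
    """Stricter check (an assumption, not from the thread): referrer host ends in .to."""
    host = urlsplit(referer).hostname or ""
    return host.rstrip(".").endswith(".to")

def dry_run(lines):
    """Classify referrers: forbidden by the rule, false positives, and misses."""
    out = {"forbidden": [], "false_positive": [], "missed": []}
    for line in lines:
        m = COMBINED.match(line)
        if not m:
            continue  # not a combined-format line
        ref = m.group("referer")
        matched = THREAD_PATTERN.search(ref) is not None
        if matched:
            out["forbidden"].append(ref)
            if not host_is_to(ref):
                out["false_positive"].append(ref)  # ".to/" only in path or query
        elif host_is_to(ref):
            out["missed"].append(ref)  # .to host without a trailing slash
    return out

# Constructed sample log lines (documentation IPs, placeholder host names).
SAMPLE_LOG = [
    '192.0.2.10 - - [13/Oct/2005:07:00:01 +0000] "GET / HTTP/1.1" 200 512 "http://placeholder-a.to/" "Mozilla/4.0 (compatible; MSIE 6.0)"',
    '192.0.2.11 - - [13/Oct/2005:07:00:02 +0000] "GET /a HTTP/1.1" 200 512 "http://example.org/how.to/install" "Mozilla/5.0"',
    '192.0.2.12 - - [13/Oct/2005:07:00:03 +0000] "GET /b HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '192.0.2.13 - - [13/Oct/2005:07:00:04 +0000] "GET /c HTTP/1.1" 200 512 "http://placeholder-b.to" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for key, refs in dry_run(SAMPLE_LOG).items():
        print(key, refs)
```

Running `dry_run` over lines read from the real access log gives the same three lists for live traffic before the rule is enabled.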
