Home Messages Index
[Date Prev][Date Next][Thread Prev][Thread Next]
Author IndexDate IndexThread Index

Re: [Urgent] Apache Help

__/ [John Bokma] on Thursday 13 October 2005 07:13 \__

> Roy Schestowitz <newsgroups@xxxxxxxxxxxxxxx> wrote:
>> My site has come under heavy attacks by infected machines world-wide
>> (no idea why they chose me). It has been getting worse for the past
>> week or so and is now reaching levels that put my hosting provider in
>> jeopardy.
>> The referrer seems to be a good criterion for filtering. I see about
>> 50 referring URL's, all of them from Tonga (ending with the .to
>> suffix), apart from a single German referral and one from Cocos
>> Islands (I'm serious).
>> New referring URL's continue to be added as we speak, but not too
>> quickly.
>> How do I write something to have Apache {die} all requests based on
>> referring URL?
>> Help please... soon if possible...
> RewriteEngine On
> RewriteCond %{HTTP_REFERER} \.to/
> RewriteRule .* - [F]
> gives everything with .to/ in the URL a Forbidden (untested)

Thanks, I'll try that. I don't know how to test this trivially, so I'll be

> Other option, as mentioned before: block out REMOTE_ADDR based on country
> assigned blocks.
> Also: check the USER_AGENT, maybe you can combine things.

It's always Windows machines as mentioned here:


Given the prevalence of Windows machines and/or IE, I don't think you can
use that as a discriminant without a tonage of false positives.

Very grateful


Roy S. Schestowitz      | "Avoid missing ball for higher score"
http://Schestowitz.com  |    SuSE Linux    |     PGP-Key: 74572E8E
 10:55am  up 48 days 23:09,  3 users,  load average: 0.37, 0.53, 0.47
      http://iuron.com - next generation of search paradigms

[Date Prev][Date Next][Thread Prev][Thread Next]
Author IndexDate IndexThread Index