httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Frederik Nosi <frederik.n...@postecom.it>
Subject Re: [users@httpd] Denying access for a complicated bugger address
Date Tue, 30 Sep 2014 18:38:06 GMT
Hi Hans-Georg,

On 09/30/2014 08:26 PM, Hans-Georg Scherneck wrote:
> Rainer M. Canavan wrote:
>> On Sep 30, 2014, at 19:16 , Hans-Georg Scherneck <hgs@chalmers.se> 
>> wrote:
>>
>>> My site is bombarded by POST requests from a site identifying itself 
>>> like
>>> 123.123.123.123.word.word.word.word
>>> A "deny from" instruction with a string trying to match this in 
>>> .htaccess does not appear to work (though other abusers with simple 
>>> IP's I can get barred this way).
>> You don't say where that sites identifies itself in such a manner. 
>> You should
>> not enable reverse lookups (i.e. HostnameLookups should be Off, 
>> possibly some
>> other settings), then the first column in your access.log should 
>> always be
>> the actual originating IP address of that request.  If they are real 
>> spammers,
>> they have a botnet with lots of IPs in nearly as many locations and 
>> subnets.
>>
>>
>> rainer
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>> For additional commands, e-mail: users-help@httpd.apache.org
>>
>>
>> Blocking from apache:
>>
>> <Location />
>>     Order Allow,Deny
>>     Deny from <INSERT IP TO BLOCK HERE>
>> </Location>
>>
>> You can block it at the network stack level too, this way apache does 
>> not even see the request, ex on linux using iptables.
>>
>>
>> bye,
>> Frederik 
>
> I'm trying with <Location /> now.
>
> HostnameLookups Off
>
> has always been set.
> My reply to Richard a minute ago included some incriminating 
> access.log lines. Ever seen an address like this before?
> /Hans-Georg
>


I've never recieved those mails,

But as Rainer said not sure that a simple IP blacklisting if it's 
effective in the real world thoughthough, it's easy to change IP.

Maybe you can add a captcha, require authentication for accessing the 
form or some automatic blacklisting solution or rate limiting ex:

http://stackoverflow.com/questions/131681/how-can-i-implement-rate-limiting-with-apache-requests-per-second

another more "disguised" option, using the mod_rewrite, matching the IP 
and then replying "200 ok" with a fake page or such.

As always you have to choose the solution that suits you most.


Bye,
Frederik

>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message