Hi Tim. I think what Jens has to say is the best solution. I have also
made my own thing with zope as well since I don't always have control
of the firewall. I worked out a simple ip and country-ip solution. I
made a simple interface for adding ips to a black list or selecting
countries to add to black list. The logic makes a final connection to
my main site template so ips in black list or ip turning out to be from
a black listed country get nothing but an empty page (including an
empty page header) while those that I want to view my site will get
rendered pages. I use a county-ip database that gets updated once per
week (about 50,000 records) representing ranges from all countries.
I think is is becoming clearer that many of the threats on the Net come
not only come from specific ips but specific countries as well.
To me, blacklisting and filtering those who see your site based on ip
or ip ranges is just a little more risk management and less expense on
bandwidth for those you don't want to invite in. As Yens has pointed
out, it would be best to stop this at the firewall if you can. This
may not be possible based on how you are serving your sites as in a
hosted arrangement. My feeling is that if someone is visiting (by
looking at your site or sending a robot) it may deter some if they are
seeing or collecting nothing. But it would do little for those sniffing
for the server you are running and testing purely to see that your
alive for some future exploit attempt.
Regards
David
On Sunday, July 3, 2005, at 04:05 PM, Tim Hicks wrote:
Hi,
I have a zope site up and running which has recently had a *lots* of
hits
from a client (or clients) that show referers pointing at various
gambling, meds, and loan sites. Requests only come in for the main
page,
not for the associated images, css, etc that should go with it.
The consequence is that my server is working harder to service a client
that isn't interested in what it has to say, and my Z2.log is now far
less
useful to me as all these bogus requests drown out most of the useful
information.
So, I'm wondering if there's a way to blacklist those clients that I
don't
like based on host/ip and/or on referer.
If I hook into the traversal process in the same way as the virtual
host
monster objects do, could I check the request against my blacklist and
then do a REQUEST.close()? Would that still appear in my logs? Does
that
even make sense? Is there a HTTP response code that I could return to
these clients that would stop them being interested in my server?
Any ideas much appreciated.
Tim
___
Zope maillist - Zope@zope.org
http://mail.zope.org/mailman/listinfo/zope
** No cross posts or HTML encoding! **
(Related lists -
http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope-dev )
___
Zope maillist - Zope@zope.org
http://mail.zope.org/mailman/listinfo/zope
** No cross posts or HTML encoding! **
(Related lists -
http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope-dev )