My server has been under heavy attack in the past few hours and I am
also looking for a way to lock out abusers. I am thinking of making a
change to tcpwrappers to identify abusers and place them on the deny
list. I want to permit mobile users to access services like POP3 but to
deny an untrusted IP after it is identified as hammering the port.
The download case could be handled by logging the IP of a downloader and
denying that IP access for a grace period, perhaps 5 or 10 minutes.
That would not seriously impinge the capabilities of legitimate users
but would greatly reduce the capability of abusers to create havoc.
A persistent trier could be placed on an IP deny list after a certain
number of attempts in a specified time window.
If your HTTP server is launched by inetd you could use the tcpwrappers
approach.
The check could be placed in the web server.
[EMAIL PROTECTED] wrote:
Last night, a single user (or, at least, a single IP address)
in China that self-identified as running windows98 and
Mozilla 4.0 attempted to download sqlite-3.3.12.tar.gz
24980 times and sqlite-source-3_3_12.zip 25044 times
over about a 5 hour period, sucking up significant
bandwidth in the process.
I've seen this type of thing before and have on occasion
banned specific IP addresses from the website using
iptables -A INPUT -s <ipaddress> -j DROP
But lately, there have been so many problems coming from
win98 and moz4 that I'm thinking of banning all traffic
that self-identifies as such in the User-Agent string of
the HTTP header.
Thoughts anyone? Are there less drastic measures that might
be taken to prevent this kind of abuse?
--
D. Richard Hipp <[EMAIL PROTECTED]>
-----------------------------------------------------------------------------
To unsubscribe, send email to [EMAIL PROTECTED]
-----------------------------------------------------------------------------
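The deny-after-N-attempts idea from the reply above, with a timed grace period, as an added example that is not code from either message. The class and function names, the threshold of 5 attempts per 60 seconds, and the sample addresses (documentation ranges) are assumptions made for illustration; the 10-minute deny period is the one suggested in the reply.

```python
from collections import defaultdict, deque

class AttemptLimiter:
    """Per-IP sliding-window counter with a temporary deny period (hypothetical helper)."""
    def __init__(self, max_attempts, window, deny_for, trusted=()):
        self.max_attempts = max_attempts    # attempts tolerated inside one window
        self.window = window                # window length in seconds
        self.deny_for = deny_for            # how long an abuser stays locked out
        self.trusted = set(trusted)         # addresses that are never locked out
        self.attempts = defaultdict(deque)  # ip -> timestamps of recent attempts
        self.denied_until = {}              # ip -> time the deny entry expires

    def allow(self, ip, now):
        """Record one attempt from ip at time now; return True if it may proceed."""
        if ip in self.trusted:
            return True
        expiry = self.denied_until.get(ip)
        if expiry is not None:
            if now < expiry:
                return False                # still inside the deny period
            del self.denied_until[ip]       # deny period over, start fresh
        recent = self.attempts[ip]
        recent.append(now)
        while recent and recent[0] <= now - self.window:
            recent.popleft()                # forget attempts outside the window
        if len(recent) > self.max_attempts:
            self.denied_until[ip] = now + self.deny_for
            recent.clear()
            return False
        return True

    def deny_list(self, now):
        """Addresses currently denied, e.g. to export as deny entries or firewall rules."""
        return sorted(ip for ip, t in self.denied_until.items() if now < t)

def replay(events, limiter):
    """Feed (timestamp, ip) pairs through the limiter; return refused attempts per ip."""
    refused = defaultdict(int)
    for ts, ip in events:
        if not limiter.allow(ip, ts):
            refused[ip] += 1
    return dict(refused)

# Constructed sample: one address hammering once a second, one occasional mobile user.
SAMPLE = sorted([(float(t), "203.0.113.7") for t in range(100)]
                + [(10.0, "198.51.100.9"), (300.0, "198.51.100.9")])

if __name__ == "__main__":
    limiter = AttemptLimiter(5, 60.0, 600.0)
    print(replay(SAMPLE, limiter), limiter.deny_list(100.0))
```

The occasional user is never refused, while the hammering address gets 5 requests through and is then refused until its deny entry expires.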