On Tue, 2007-01-30 at 12:58 +0000, [EMAIL PROTECTED] wrote:
> Last night, a single user (or, at least, a single IP address)
> in China that self-identified as running windows98 and
> Mozilla 4.0 attempted to download sqlite-3.3.12.tar.gz
> 24980 times and sqlite-source-3_3_12.zip 25044 times
> over about a 5 hour period, sucking up significant
> bandwidth in the process.
> 
> I've seen this type of thing before and have on occasion
> banned specific IP addresses from the website using
> 
>    iptables -A INPUT -s <ipaddress> -j DROP
> 
> But lately, there have been so many problems coming from
> win98 and moz4 that I'm thinking of banning all traffic
> that self-identifies as such in the User-Agent string of
> the HTTP header.
> 
> Thoughts anyone?  Are there less drastic measures that might
> be taken to prevent this kind of abuse?
> 

Richard,

You might like to explore using mod_security with some custom rules to
help eliminate problems like this. See http://www.modsecurity.org/

-- 
G. Roderick Singleton <[EMAIL PROTECTED]>
PATH tech
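
The pattern described in the quoted message (one address fetching the same file thousands of times) can be picked out of the access log per client, rather than by User-Agent alone. The following is an added example, not part of the original thread: it assumes Apache-style combined log lines, and the function names, thresholds, addresses and log lines are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Apache/NCSA combined log format (assumed; adjust for your server).
LINE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?:GET|HEAD) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+'
    r'(?: "[^"]*" "(?P<ua>[^"]*)")?'
)

def repeat_downloaders(lines, limit=20, window=timedelta(minutes=10)):
    """Return {ip: (path, user_agent)} for clients that fetched the same
    path more than `limit` times within any sliding `window`."""
    recent = defaultdict(deque)   # (ip, path) -> timestamps inside the window
    flagged = {}
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue              # skip malformed or non-GET/HEAD lines
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        q = recent[(m["ip"], m["path"])]
        q.append(ts)
        while ts - q[0] > window:  # drop hits that fell out of the window
            q.popleft()
        if len(q) > limit and m["ip"] not in flagged:
            flagged[m["ip"]] = (m["path"], m["ua"] or "")
    return flagged

def sample_log():
    """Constructed log: one client repeating a download, one normal client."""
    ua_old = "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
    ua_new = "Mozilla/5.0 (X11; Linux i686) Firefox/2.0"
    fmt = ('{ip} - - [30/Jan/2007:03:{m:02d}:{s:02d} +0000] '
           '"GET {p} HTTP/1.1" 200 1024 "-" "{ua}"')
    out = [fmt.format(ip="203.0.113.7", m=i // 60, s=i % 60,
                      p="/sqlite-3.3.12.tar.gz", ua=ua_old) for i in range(100)]
    out += [fmt.format(ip="198.51.100.9", m=5 * i, s=0,
                       p="/sqlite-3.3.12.tar.gz", ua=ua_new) for i in range(3)]
    return out

if __name__ == "__main__":
    for ip, (path, ua) in repeat_downloaders(sample_log()).items():
        print(f"{ip} repeated {path} ua={ua!r}")
        print(f"iptables -A INPUT -s {ip} -j DROP")  # rule form quoted above
```

Keying on the (address, path) pair leaves ordinary visitors with the same User-Agent untouched, and the printed rule is a candidate for review, not something to apply automatically.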
