On Tue, 2007-01-30 at 12:58 +0000, [EMAIL PROTECTED] wrote: > Last night, a single user (or, at least, a single IP address) > in China that self-identified as running windows98 and > Mozilla 4.0 attempted to download sqlite-3.3.12.tar.gz > 24980 times and sqlite-source-3_3_12.zip 25044 times > over about a 5 hour period, sucking up significant > bandwidth in the process. > > I've seen this type of thing before and have on occasion > banned specific IP addresses from the website using > > iptables -A INPUT -s <ipaddress> -j DROP > > But lately, there have been so many problems coming from > win98 and moz4 that I'm thinking of banning all traffic > that self-identifies as such in the User-Agent string of > the HTTP header. > > Thoughts anyone? Are there less drastic measures that might > be taken to prevent this kind of abuse? >
Richard, You might like to explore using mod_security with some custom rules to help eliminate problems like this. See http://www.modsecurity.org/ -- G. Roderick Singleton <[EMAIL PROTECTED]> PATH tech
smime.p7s
Description: S/MIME cryptographic signature