Hi Tim. I think what Jens has to say is the best solution. I have also made my own thing with Zope as well, since I don't always have control of the firewall. I worked out a simple IP and country-IP solution. I made a simple interface for adding IPs to a blacklist or selecting countries to add to the blacklist. The logic makes a final connection to my main site template, so IPs in the blacklist, or IPs turning out to be from a blacklisted country, get nothing but an empty page (including an empty page header), while those that I want to view my site will get rendered pages. I use a country-IP database that gets updated once per week (about 50,000 records) representing ranges from all countries.

I think it is becoming clearer that many of the threats on the Net come not only from specific IPs but from specific countries as well. To me, blacklisting and filtering those who see your site based on IP or IP ranges is just a little more risk management and less expense on bandwidth for those you don't want to invite in. As Jens has pointed out, it would be best to stop this at the firewall if you can. This may not be possible based on how you are serving your sites, as in a hosted arrangement. My feeling is that if someone is visiting (by looking at your site or sending a robot), it may deter some if they are seeing or collecting nothing. But it would do little for those sniffing for the server you are running and testing purely to see that you're alive for some future exploit attempt.


Regards
David

On Sunday, July 3, 2005, at 04:05 PM, Tim Hicks wrote:

Hi,

I have a Zope site up and running which has recently had *lots* of hits
from a client (or clients) that show referers pointing at various
gambling, meds, and loan sites. Requests only come in for the main page,
not for the associated images, css, etc that should go with it.

The consequence is that my server is working harder to service a client
that isn't interested in what it has to say, and my Z2.log is now far less
useful to me as all these bogus requests drown out most of the useful
information.

So, I'm wondering if there's a way to blacklist those clients that I don't
like based on host/ip and/or on referer.

If I hook into the traversal process in the same way as the virtual host
monster objects do, could I check the request against my blacklist and
then do a REQUEST.close()? Would that still appear in my logs? Does that
even make sense? Is there an HTTP response code that I could return to
these clients that would stop them being interested in my server?

Any ideas much appreciated.

Tim
_______________________________________________
Zope maillist  -  Zope@zope.org
http://mail.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists -
 http://mail.zope.org/mailman/listinfo/zope-announce
 http://mail.zope.org/mailman/listinfo/zope-dev )
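
The IP and country-IP check described in the reply above could look like the following. This is an added example, not code from the thread or from Zope. The `Blocklist` class, the `page_for` helper, the sample ranges (documentation address space) and the country codes `XA`/`XB` are constructed, and the table is assumed to hold non-overlapping IPv4 ranges.

```python
import bisect
import ipaddress

class Blocklist:
    """Blocks single IPs/networks and whole countries via a sorted range table."""

    def __init__(self, country_ranges, blocked_networks=(), blocked_countries=()):
        # country_ranges: (first_ip, last_ip, country_code), assumed non-overlapping.
        self._rows = sorted(
            (int(ipaddress.IPv4Address(a)), int(ipaddress.IPv4Address(b)), cc.upper())
            for a, b, cc in country_ranges)
        self._starts = [row[0] for row in self._rows]
        self._networks = [ipaddress.ip_network(n) for n in blocked_networks]
        self._countries = {c.upper() for c in blocked_countries}

    def country_of(self, ip):
        # Binary search keeps a lookup cheap even with ~50,000 ranges.
        n = int(ip)
        i = bisect.bisect_right(self._starts, n) - 1
        if i >= 0 and self._rows[i][0] <= n <= self._rows[i][1]:
            return self._rows[i][2]
        return None  # address falls in a gap between known ranges

    def is_blocked(self, client_addr):
        try:
            ip = ipaddress.IPv4Address(client_addr)
        except ValueError:
            return False  # policy choice in this sketch: unparsable means allow
        if any(ip in net for net in self._networks):
            return True
        return self.country_of(ip) in self._countries

def page_for(blocklist, client_addr, render):
    # Blocked clients get an empty body; everyone else gets the rendered page.
    return "" if blocklist.is_blocked(client_addr) else render()

# Constructed sample table using documentation address ranges.
CONSTRUCTED_RANGES = [
    ("192.0.2.0", "192.0.2.255", "XA"),
    ("198.51.100.0", "198.51.100.127", "XB"),
    ("203.0.113.0", "203.0.113.255", "XA"),
]

if __name__ == "__main__":
    bl = Blocklist(CONSTRUCTED_RANGES, ["198.51.100.7/32"], ["XA"])
    for addr in ("192.0.2.10", "198.51.100.7", "198.51.100.8"):
        print(addr, "blocked" if bl.is_blocked(addr) else "allowed")
```

If the site sits behind a proxy, the address passed in has to be the real client address rather than the proxy's, otherwise every request maps to the same entry.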
