PDA

View Full Version : trying to stop referrer spam

Danny
18-07-2004, 00:39/12:39AM
Hi all,

I'm getting more and more hits from some wacko probably in an attempt to have his (clients) sites show up in my referrer files.
Stupid b'coz i dont even post my referrers on any page.
Still, this is using resources and i don't want those sites to add up an additional hit.

I'm on a Apache server so i already put this in my .htaccess file :
deny from 999.999.999.999
where 999.999.999.999 is substituted by the ip address that i want to disallow access to my site.

This results in a 403 error which is fine already.

Now, i would like to redirect the traffic coming from a couple of ip-adresses towards their own site.
That should be do-able by using a "rewritecond" in the .htaccess file but i'm not familiar with that.

Can anyone help me out on this ?

Thanks
bigDugan
18-07-2004, 01:30/01:30AM
Depending on your version of apache, you can use either IPTABLES (http://www.linuxguruz.com/iptables/howto/iptables-HOWTO-6.html) or IPCHAINS (http://www.linuxplanet.com/linuxplanet/tutorials/2100/3/) to drop every packet from any IP or subnet of IPs. I like to use the command:/sbin/iptables -A INPUT -s 99.999.999.99 -j DROPThe -A appends the new rule to the existing file. The -s specifies the source IP or subnet. The -j tells it to "jump" to the destination "DROP" which means it just drops the packets cold. I guess you could specify a destination IP, but then you'd still be routing that unwanted traffic through your server and using up valuable resources.

I also like to use the following command to make the new rules permanent on server, otherwise they will be lost on a server reboot:/sbin/iptables-save > /etc/sysconfig/iptables*Please note all commands are case sensitive.
Danny
19-07-2004, 12:58/12:58PM
Thank you , great help !:up:
bigDugan
19-07-2004, 13:27/01:27PM
You're welcome, especially if it helps! ;)
ArmenT
27-07-2004, 01:13/01:13AM
Note that this only applies if:
(a) Your OS is Linux.
(b) You have root access.

Also, it has nothing to do with apache being installed or not. You're configuring the linux firewall with these commands :).

Also would advice against using ipchains for any firewall, as it is not a stateful firewall and is not as secure.
bigDugan
27-07-2004, 02:58/02:58AM
I use IPTABLES along with a hardware firewall at the direction of my hosting company, because they don't want to update my firewall on a daily basis, let alone real time. I've implemented a simple that script that allows me to block would be attacks in real time, and it works great.