1. Please take a little time for this simple survey! Thank you for participating!
    Dismiss Notice
  2. Dear Pleskians, please read this carefully! New attachments and other rules Thank you!
    Dismiss Notice
  3. Dear Pleskians, I really hope that you will share your opinion in this Special topic for chatter about Plesk in the Clouds. Thank you!
    Dismiss Notice

How can I block traffic by refferrer?

Discussion in 'Plesk for Linux - 8.x and Older' started by acidbox, Nov 29, 2005.

  1. acidbox

    acidbox Guest

    Our server is getting slammed daily by this asian search engine. I don't know where it's coming from. but it's not even finding legitimate results.

    It's gotten to the point where its affecting the performance of our server because Apache is handling so many requests from this damn place, it's almost like a DOS attack.

    The clients are all different, but the one thing in common is the refferer. Take a look at this error log:
    Is there a way I can block access to the server by checking the referrer and block them if they come from that domain?

    Thanks for the help.
  2. ShadowMan@

    ShadowMan@ Guest

    mod_security - According to gotroot.com, their ruleset:
    As of right now, their list is:
    20051129-01: Web Application protection
    20051129-01: Bad UserAgents blocking
    20051129-01: Comment spam blacklist
    20051129-01: Compromised/Hacker boxes blacklist
    20051111-01: Anti-Proxy protection
    20051111-01: Additional Apache 2.x rules
    20051120-01: Known rootkits/worms
    20050905-01: Rule Exclusions
    20051129-01: Blacklist of known attackers/spammers

    On most of our US servers, we do mod_security and block entire ranges of China (CN) and be done with it...
  3. acidbox

    acidbox Guest

    I'd like to do just that. I currently have mod_security 1.9 installed. Do you have any sample code or a good tutorial that covers how to do this?

  4. chuckg

    chuckg Guest

    With PHP

    Rename your default web page to home.php
    Edit new index.php below to suit.
    function.f_sleep waits 999 seconds and the HTTP resource request will time out first.
    This results in 0 bytes being transferred and elapsed time of whatever the network timeout is.
    include "function.f_sleep";
    $ref = $_SERVER['HTTP_REFERER'];
    if(strpos($ref , "insert referer string here") > 0) f_sleep("puts this line in new log file 'sleepers.txt' ");
    if(strpos($ref , "sexshop") > 0) f_sleep("REFERER:sexshop");
    header("Location: home.php");

    function f_sleep($a) {
    echo "<html><body>&nbsp;Hi.</body></html>"; }

    function sleepers($a) {
    $tim = date('H:i:s');
    $dat = date ('j F Y');
    $ip = $_SERVER[REMOTE_ADDR];
    $hostname = gethostbyaddr($_SERVER[REMOTE_ADDR]);
    $fp = fopen("sleepers.txt","a");
    fputs($fp, "\n $dat $tim $ip $hostname $a\n $age\n" );