Hi, I have installed APF and Dos Denial on the system. However, I am still not able to block the attacker as he is using multiple IP addresses to send the spam bots with URLs like -
200 73621 "http://media.adrevolver.com/adrevolver/banner?place=31439&cpy=9678696" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322)"
200 100 "http://media.adrevolver.com/adrevolver/banner?place=31439&cpy=9742292" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322)"
"http://d3.zedo.com/jsc/d3/ff2.html?n=790;c=843/1;s=785;d=14;w=728;h=90" "Mozilla/5.0 (Macintosh; U; Intel Mac OS X; en) AppleWebKit/419 (KHTML, like Gecko) Safari/419.3"
Is there a way I can set up something like -
in file (used because apache + mongrel setup)->
/usr/local/apache2/conf/extra/httpd-vhosts.conf
# redirect all spam - like urls to a script
RewriteCond %{REQUEST_URI} ^/(zedo¦adrevolver¦trafficmp)(/)?$
RewriteRule ^.* /usr/local/ddos/ddos.sh -d %{REMOTE_ADDR} [PT,L]
However, the lines do not work.
I will really appreciate if you can suggest how to block all/any IP address that are sending a type of request.
Thanks in advance for your help.
Rajat
