homepage Welcome to WebmasterWorld Guest from 54.147.196.159
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member
Home / Forums Index / Code, Content, and Presentation / Apache Web Server
Forum Library, Charter, Moderators: Ocean10000 & incrediBILL & phranque

Apache Web Server Forum

This 73 message thread spans 3 pages: < < 73 ( 1 [2] 3 > >     
CHINANET Beijing Province Network hammering my site!
They eat 403s but keeping coming like a mad-dog!
erlandc

10+ Year Member



 
Msg#: 4421781 posted 10:24 pm on Feb 25, 2012 (gmt 0)

Hi,
Log files for just 1 day, various times.

Why do they keep coming?
Cyberwar?
Hold the course?
Thanks,
E

1.202.218.8 - - [25/Feb/2012:02:29:22 -0800] "GET / HTTP/1.0" 403 4243 "-" "\"Mozilla/5.0"
1.202.218.8 - - [25/Feb/2012:03:16:23 -0800] "GET / HTTP/1.0" 403 4243 "-" "\"Mozilla/5.0"
1.202.218.8 - - [25/Feb/2012:04:44:25 -0800] "GET / HTTP/1.0" 403 4243 "-" "\"Mozilla/5.0"
1.202.218.8 - - [25/Feb/2012:05:33:05 -0800] "GET / HTTP/1.0" 403 4243 "-" "\"Mozilla/5.0"
1.202.218.8 - - [25/Feb/2012:06:30:51 -0800] "GET / HTTP/1.0" 403 4243 "-" "\"Mozilla/5.0"
1.202.218.8 - - [25/Feb/2012:08:19:41 -0800] "GET / HTTP/1.0" 403 4243 "-" "\"Mozilla/5.0"
1.202.218.8 - - [25/Feb/2012:08:53:46 -0800] "GET / HTTP/1.0" 403 4243 "-" "\"Mozilla/5.0"
1.202.218.8 - - [25/Feb/2012:10:11:50 -0800] "GET / HTTP/1.0" 403 4243 "-" "\"Mozilla/5.0"
1.202.218.8 - - [25/Feb/2012:12:04:56 -0800] "GET / HTTP/1.0" 403 4243 "-" "\"Mozilla/5.0"
1.202.218.8 - - [25/Feb/2012:12:14:55 -0800] "GET / HTTP/1.0" 403 4243 "-" "\"Mozilla/5.0"

 

wilderness

WebmasterWorld Senior Member wilderness us a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



 
Msg#: 4421781 posted 11:36 pm on Feb 27, 2012 (gmt 0)

Sure! what's your number? I'm in the mood


"hold the line and I'll get back to you"
OR null


Get the drift mow!

Staffa

WebmasterWorld Senior Member 10+ Year Member



 
Msg#: 4421781 posted 12:09 am on Feb 28, 2012 (gmt 0)

erlandc, as a last resort, setup a single html page on your website NOT linked to any other pages and with NO links on it, just an orphan.
Fill the page with any text that you can find on the net putting CN in a bad light.
Redirect all visits of this bot to that page.
They won't like it and most likely go away.

erlandc

10+ Year Member



 
Msg#: 4421781 posted 12:11 am on Feb 28, 2012 (gmt 0)

mow?

erlandc

10+ Year Member



 
Msg#: 4421781 posted 12:35 am on Feb 28, 2012 (gmt 0)

Thanks alot Staffa! will do!

lucy24

WebmasterWorld Senior Member lucy24 us a WebmasterWorld Top Contributor of All Time Top Contributors Of The Month



 
Msg#: 4421781 posted 1:50 am on Feb 28, 2012 (gmt 0)

Who's Annie?

That would be me.

Didn't know that myself until a few days ago. Always pictured more of an Agatha. Or Clytemnestra, or possibly Xanthippe. What was the character's name in Young Frankenstein who always made the horses whinny in terror?

* * *

Whoops! Didn't see the Next Page link hiding among all those Tweets and Likes and +1 buttons.

For some reason I've never got especially riled about Chinese robots. I just lock them out, end of story. For a while I was absolutely enraged by the Ukrainians, but I guess you develop tolerance. Or maybe they developed inverse tolerance, so they no longer come by in batches of 15. Just 6, and only once or twice a day.

Now, hotlinkers...

erlandc

10+ Year Member



 
Msg#: 4421781 posted 2:08 am on Feb 28, 2012 (gmt 0)

ah, Ukrainians, blocked them out too. S'pose I'll just let them eat 403s. don't want to waste time like someone said here. will attempt to re-direct them with the stuff you said. maybe I'll test it on myself 1st. ho-hum

erlandc

10+ Year Member



 
Msg#: 4421781 posted 5:22 am on Feb 28, 2012 (gmt 0)

Whew! Anyone?

does this look right?

Options +FollowSymlinks
RewriteEngine on
RewriteCond %{REMOTE_HOST} 1\.202\.218\.8
RewriteRule \.php$

thanks

lucy24

WebmasterWorld Senior Member lucy24 us a WebmasterWorld Top Contributor of All Time Top Contributors Of The Month



 
Msg#: 4421781 posted 6:34 am on Feb 28, 2012 (gmt 0)

So far so good. What happens after they ask for .php files?

Pfui

WebmasterWorld Senior Member 5+ Year Member



 
Msg#: 4421781 posted 12:56 pm on Feb 28, 2012 (gmt 0)

Wait. There's more. [webmasterworld.com...]

erlandc

10+ Year Member



 
Msg#: 4421781 posted 7:19 pm on Feb 28, 2012 (gmt 0)

I tested this on myself:

RewriteCond %{REMOTE_HOST} 70\.83\.210\.151
RewriteRule \.php$ [siteisentthemto.com...] [R=301,L]

didn't work...

thanks for your time

lucy24

WebmasterWorld Senior Member lucy24 us a WebmasterWorld Top Contributor of All Time Top Contributors Of The Month



 
Msg#: 4421781 posted 11:26 pm on Feb 28, 2012 (gmt 0)

You mean you went to your own site in your own name-- er, I mean from your own IP-- asked for something ending in .php and you didn't get redirected?

###. What happened instead?

That's assuming for the sake of discussion that you have a fixed IP. Mine changes at random intervals-- most recently yesterday when the power was out for many hours. (Planned and pre-announced repairs, but try explaining why the fish are in the dark, the rat cage is cold and the cats' fountains don't work :()

erlandc

10+ Year Member



 
Msg#: 4421781 posted 11:42 pm on Feb 28, 2012 (gmt 0)

yes, I went to my site, grabbed my IP, put it in htaccess, nada, was able to view my site, didn't get re-directed.
numb

lucy24

WebmasterWorld Senior Member lucy24 us a WebmasterWorld Top Contributor of All Time Top Contributors Of The Month



 
Msg#: 4421781 posted 1:15 am on Feb 29, 2012 (gmt 0)

And you're in your logs as a perfectly normal 200?

Does other stuff in htaccess work? This is probably not the time to find out that the server has override permissions turned off (AllowOverride None) so you can't do anything with htaccess anyway :( Luckily this is a wildly unlikely explanation because Apache Docs seem to say that if you try to do something you're not allowed to do, you get walloped with a 500-class error. You'd have noticed.

More likely there's something else intercepting your request before you get as far as the attempted lockout. Put it right at the top of your Rewrites. That's where it ought to go anyway: normally you'd list directives in order of seriousness, from [F] to [G] to [R=301] to internal rewrites.

And, ahem, did you clear your browser cache (or preferably use a different browser than usual) and refresh the page? Everyone gets bitten by that one sooner or later.

erlandc

10+ Year Member



 
Msg#: 4421781 posted 1:33 am on Feb 29, 2012 (gmt 0)

yes, showed 200, and some 304s, and no, I didn't use a different browser, or did a refresh.
as I said in revisited, I'm not an expert at this. I'll try decipher what you wrote.
that IP is all over the web now, smashing. this is why I wanna send off to a site that'll blow their little minds.
can't seem to find this directive anywhere, and what I did find, it didn't work. did you see "revisited'?
thanks

erlandc

10+ Year Member



 
Msg#: 4421781 posted 3:45 am on Mar 10, 2012 (gmt 0)

I did it! Whew! Did a test on my IP & it worked. Thanks for your time ya'll!

Now that site can go to h e l l !

Options +FollowSymlinks
RewriteEngine on
RewriteBase /
RewriteCond %{REMOTE_HOST} 1.202.218.8
RewriteRule .* [churchofsatan.com...] [R=301,L]

wilderness

WebmasterWorld Senior Member wilderness us a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



 
Msg#: 4421781 posted 3:50 am on Mar 10, 2012 (gmt 0)

so what happens when they simply change to 1.202.218.9 or one of the their other ranges?

Denying to the precise Class D is a bad practice.

erlandc

10+ Year Member



 
Msg#: 4421781 posted 4:06 am on Mar 10, 2012 (gmt 0)

not sure what Class D is, as I said, I'm no expert at this. Bad practice? me? who me? they're the bad guys if you think it's me.

I think I messed up. I took off my IP & added theirs, now when I come to my site, I get re-directed to satan's site as well. back to the drawing bored

I'll block the whole range, I hope.
RewriteCond %{REMOTE_HOST} 1.0.0.0/8
Not sure if it'll work, but I'm here to learn

wilderness

WebmasterWorld Senior Member wilderness us a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



 
Msg#: 4421781 posted 4:22 am on Mar 10, 2012 (gmt 0)

1.202.218.8

Class A 1.
Class B 202.
Class C 218.
Class D 8

Just change this portion
RewriteCond %{REMOTE_HOST} 1.0.0.0/8

to
RewriteCond %{REMOTE_HOST} ^1.

erlandc

10+ Year Member



 
Msg#: 4421781 posted 4:32 am on Mar 10, 2012 (gmt 0)

thanks alot, done. but now I still go to the re-direct site when I go to my site.

RewriteCond %{REMOTE_HOST} ^1.
RewriteCond %{REQUEST_URI} /www.mysite.com$
RewriteRule .* [churchofsatan.com...] [R=301,L]

has it got something to do with the 301?

wilderness

WebmasterWorld Senior Member wilderness us a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



 
Msg#: 4421781 posted 4:38 am on Mar 10, 2012 (gmt 0)

wtf is this?
RewriteCond %{REQUEST_URI} /www.mysite.com$

at 10:45 PM EST you submitted the following as functioning:
Options +FollowSymlinks
RewriteEngine on
RewriteBase /
RewriteCond %{REMOTE_HOST} 1.202.218.8
RewriteRule .* [churchofsatan.com...] [R=301,L]


no such line existed in that code?

BTW use of example.com prevents links, however I'm quite sure you've been told that previously.

erlandc

10+ Year Member



 
Msg#: 4421781 posted 4:46 am on Mar 10, 2012 (gmt 0)

thanks, I took off RewriteCond %{REQUEST_URI} /www.mysite.com$

question is, when I go to my site, I still go the church etc site. what did I do wrong?

erlandc

10+ Year Member



 
Msg#: 4421781 posted 4:48 am on Mar 10, 2012 (gmt 0)

this is what I have now

Options +FollowSymlinks
RewriteEngine on
RewriteBase /
RewriteCond %{REMOTE_HOST} ^1.
RewriteRule .* [churchofsatan.com...] [R=301,L]

and I'm still going the hell site

wilderness

WebmasterWorld Senior Member wilderness us a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



 
Msg#: 4421781 posted 4:54 am on Mar 10, 2012 (gmt 0)

I did it! Whew! Did a test on my IP & it worked. Thanks for your time ya'll!

Now that site can go to h e l l !


Apparently not!

erlandc

10+ Year Member



 
Msg#: 4421781 posted 4:56 am on Mar 10, 2012 (gmt 0)

it worked, then I re-tested and whack!

Apparently not! you are right!

everyone coming to my site now will go to h e l l !

kinda funny 'tho

back to the drawing board

#*$!

erlandc

10+ Year Member



 
Msg#: 4421781 posted 5:55 am on Mar 10, 2012 (gmt 0)

wilderness, what did I do wrong? thanks

wilderness

WebmasterWorld Senior Member wilderness us a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



 
Msg#: 4421781 posted 6:10 am on Mar 10, 2012 (gmt 0)

#Turn on Rewrite, unless on previously
RewriteEngine on
RewriteCond %{REMOTE_ADDR} ^1\.
RewriteRule .* - [F]

erlandc

10+ Year Member



 
Msg#: 4421781 posted 6:15 am on Mar 10, 2012 (gmt 0)

like this? want to send them that h e l l site

Options +FollowSymlinks
RewriteEngine on
RewriteBase /
RewriteCond %{REMOTE_ADDR} ^1.
RewriteRule .* [churchofsatan.com...] [F]

thx

lucy24

WebmasterWorld Senior Member lucy24 us a WebmasterWorld Top Contributor of All Time Top Contributors Of The Month



 
Msg#: 4421781 posted 8:54 am on Mar 10, 2012 (gmt 0)

RewriteCond %{REMOTE_ADDR} ^1\.

Well, it's about ### time someone noticed that detail ;)

Erland, you have to escape the period \. otherwise it will mean "any character". So any IP that happens to begin in 1-- whether it's 12. or 198. or 15. or 137. or, et cetera-- will be caught by the rule.

erlandc

10+ Year Member



 
Msg#: 4421781 posted 9:11 am on Mar 10, 2012 (gmt 0)

Hi Lucy,
oh gee! I'll try decipher what you said. I thought I did it right but it didn't quite work. It re-directed to that site, but from me too, of which I didn't put my IP, so I figured everyone coming to my site would go there as well. So I took it off for & left the deny IP. It's 4:10 AM & I'm going slightly mad about this. Must sleep.
Thanks for popping Lucy.
I'll be back after some tweep.

erlandc

10+ Year Member



 
Msg#: 4421781 posted 9:12 pm on Mar 10, 2012 (gmt 0)

lucy
does escape the period mean delete?

erlandc

10+ Year Member



 
Msg#: 4421781 posted 9:51 pm on Mar 10, 2012 (gmt 0)

is this correct?

Options +FollowSymlinks
RewriteEngine on
RewriteBase /
RewriteCond %{REMOTE_ADDR} ^1.
RewriteRule .* [churchof*****.com...] [F]

but I'd like to actually test on myself, like last night when it worked, but I guessed all my visitors were re-directed too. so I have to remove it. (BTW that IP in increasing its visits)

This 73 message thread spans 3 pages: < < 73 ( 1 [2] 3 > >
Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Code, Content, and Presentation / Apache Web Server
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved