homepage Welcome to WebmasterWorld Guest from 54.145.183.169
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member
Home / Forums Index / Code, Content, and Presentation / Apache Web Server
Forum Library, Charter, Moderators: Ocean10000 & incrediBILL & phranque

Apache Web Server Forum

    
People hitting my site over 7 times per second?
Need help with this problem...
joyryde

5+ Year Member



 
Msg#: 3891 posted 7:48 am on Jun 22, 2005 (gmt 0)

I operate an ecommerce website. Every time a fraudulent credit card or stolen credit card is used on our site, it is reported to the bank and we permanently ban the IP of the computer used to place the fake order on our site. We ban IP addresses via .htaccess which redirects them to a "banned" page.

Recently fraud has been widespread and DAILY we have to ban new people.

Now our error logs show many of these IP addresses hitting our "YOU'VE BEEN BANNED" web page, and they are taking up WAY WAY WAY too much bandwidth.

How or why would these people hit the server about 5-10 times per second, and what can we do to end this?

1 example (of about 10 cases) from just today where the kid accessed the page repeatedly for 40 minutes:

[Tue Jun 21 12:43:57 2005] [error] [client 00.000.000.000] client denied by server configuration: /home/example/public_html/files/banned.htm

...and this goes on for over 40 minutes....on top of the other 5 IP's doing the same exact thing all day long.

[edited by: rogerd at 10:26 pm (utc) on June 22, 2005]
[edit reason] No specifics, please. [/edit]

 

Vulcan315

10+ Year Member



 
Msg#: 3891 posted 11:00 am on Jun 22, 2005 (gmt 0)

Isn't this considered to be a DOS (denial of service) attack, where the attacker takes down a site by pinging it to death and eating up it's bandwidth? I think there are programs floating around that a person can use to do just that in an automated manner.

Can you contact their provider and get them shut down for this?

Dave

Staffa

WebmasterWorld Senior Member 10+ Year Member



 
Msg#: 3891 posted 3:13 pm on Jun 22, 2005 (gmt 0)

A few years ago I used to have the same problem then I removed the page where that particular visitor was directed to and that was it.

They get a 404 page not found, instead of running around in circles from trying to access a real page and being redirected each time.

maccas

10+ Year Member



 
Msg#: 3891 posted 3:38 pm on Jun 22, 2005 (gmt 0)

edited: opps Staffa already said what I wrote. That error page you have could possibly add fuel to the fire.

GeorgeK

10+ Year Member



 
Msg#: 3891 posted 6:23 pm on Jun 22, 2005 (gmt 0)

You could always redirect the .htaccess denial to go to www.yahoo.com, or [127.0.0.1...] (i.e. his own PC).

joyryde

5+ Year Member



 
Msg#: 3891 posted 4:43 am on Jun 23, 2005 (gmt 0)

Thanks guys...I guess the reason we have a "banned" page in the first place is that so many sites recommend it...I had considered re-directing them to another site, but that's not a good idea, because the page is displayed anytime someone tried to access a forbidden folder or part of the site. Just because someone tries to do that, they shouldn't be sent to yahoo...

jdMorgan

WebmasterWorld Senior Member jdmorgan us a WebmasterWorld Top Contributor of All Time 10+ Year Member



 
Msg#: 3891 posted 7:22 pm on Jul 5, 2005 (gmt 0)

Be careful that the IP addresses you ban are listed in ARIN, RIPE, APNIC, etc. as "Assigned Permanent" addresses. If not, then you may be banning IP addresses within a pool shared by dial-up users (for example) and you may be banning legitimate visitors.

If you really need to ban shared dial-up IPs, then it's best to limit the ban to an hour or so, rather than making it permanent. This will also help to keep your banned IP list from becoming riduculously large over time.

Jim

victor

WebmasterWorld Senior Member 10+ Year Member



 
Msg#: 3891 posted 7:41 pm on Jul 5, 2005 (gmt 0)

Consider having a dynamic ban list -- it works for me.

Rather than having any sites in a manual list for band-width abuse, a CGI routine checks if the IP address is requesting too fast.

If so, they get a banned page. Bans last from 5 minutes to 24 hours depending on how heavily they've been hitting us. Repeated bans tend to be longer.

Usually stops the most rampaging, out of control, spider in less time than it takes me to check the logs.

physics

WebmasterWorld Senior Member 10+ Year Member



 
Msg#: 3891 posted 8:35 pm on Jul 5, 2005 (gmt 0)


1 example (of about 10 cases) from just today where the kid accessed the page repeatedly for 40 minutes:

How many times total in that 40 minutes?
You might look into mod_throttle as a way to deal with too many requests from the same ip.

Also instead of a banned page you can just serve a blank page (i.e. serve a file blank.html which is totally empty) or forbid them in .htaccess Look around the forums ... there are some good .htaccess discussions involving blocking/forbiding/redirecting these sorts of folks.

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Code, Content, and Presentation / Apache Web Server
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved