Welcome to WebmasterWorld Guest from 184.108.40.206 , register , free tools , login , search , pro membership , help , library , announcements , recent posts , open posts Become a Pro Member
how to stop fake http requests with spoofed IPs? macdar
my box has been hitting constantly by fake http requests. I tracked it down, and it comes from one referrer, however it has different IPs.
I want to stop him doing that, but not sure why cuz I don't think iptables is the tool I wanna use in that situation. (IPs are spoofed, and I can reject legitimate ones).
any idea how to handle that?
it comes from one referrer, however it has different IPs.
What makes you think the ip addresses are spoofed? They might be many different (real) machines that are being referred to your site by one page.
What kind of site is the referrer? Is there a link to your site on this page?
Is your site actually suffering from this - server load too high, response times poor, system crashing?
thanks for the answer, Webdoctor.
well, I run a service where people put my links on their websites. And some of my affiliates (actually just 2 guys) send tons of http requests to me (hundreds a minute). I couldn't spot my link anywhere on their site. AND there's no referer (php's $_SERVER[HTTP_REFERER] is empty).
that is why it makes me think these guys hit my box with fake requests.
How can I track it down. One suggested torrents might be used to do so. What can I do to find out if these are legitimate visitors, or not?
here's the referer the guy is using:
if you go to
<the site> - you will get redirected to adult sites.
the guy is killing my box with tons of requests a minute - these are not legitimate users.
anyone can help?
[ edited by: encyclo at 5:25 pm (utc) on April 14, 2007] [edit reason] removed links to adult/virus-infected site [/edit]
SetEnvIfNoCase Referer ^http://example\.com block
<Files ~ "^.*$">
order allow,deny allow from all deny from env=block </Files>