homepage Welcome to WebmasterWorld Guest from 54.226.191.80
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member

Visit PubCon.com
Home / Forums Index / Hardware and OS Related Technologies / Linux, Unix, and *nix like Operating Systems
Forum Library, Charter, Moderators: bakedjake

Linux, Unix, and *nix like Operating Systems Forum

    
how to stop fake http requests with spoofed IPs?
macdar




msg:3289955
 5:25 pm on Mar 22, 2007 (gmt 0)

Hi,

my box has been hitting constantly by fake http requests. I tracked it down, and it comes from one referrer, however it has different IPs.

I want to stop him doing that, but not sure why cuz I don't think iptables is the tool I wanna use in that situation. (IPs are spoofed, and I can reject legitimate ones).

any idea how to handle that?

thanks.

 

webdoctor




msg:3292359
 7:14 am on Mar 25, 2007 (gmt 0)

it comes from one referrer, however it has different IPs.

What makes you think the ip addresses are spoofed? They might be many different (real) machines that are being referred to your site by one page.

What kind of site is the referrer? Is there a link to your site on this page?

Is your site actually suffering from this - server load too high, response times poor, system crashing?

macdar




msg:3296222
 12:25 pm on Mar 29, 2007 (gmt 0)

Hi,

thanks for the answer, Webdoctor.

well, I run a service where people put my links on their websites. And some of my affiliates (actually just 2 guys) send tons of http requests to me (hundreds a minute). I couldn't spot my link anywhere on their site. AND there's no referer (php's $_SERVER[HTTP_REFERER] is empty).
that is why it makes me think these guys hit my box with fake requests.

How can I track it down. One suggested torrents might be used to do so. What can I do to find out if these are legitimate visitors, or not?

any ideas?

thanks.

macdar




msg:3311149
 4:05 pm on Apr 14, 2007 (gmt 0)

Hi,

here's the referer the guy is using:

<url removed>

if you go to <the site> - you will get redirected to adult sites.

the guy is killing my box with tons of requests a minute - these are not legitimate users.
anyone can help?

thanks.

[edited by: encyclo at 5:25 pm (utc) on April 14, 2007]
[edit reason] removed links to adult/virus-infected site [/edit]

Key_Master




msg:3311244
 6:41 pm on Apr 14, 2007 (gmt 0)

SetEnvIfNoCase Referer ^http://example\.com block

<Files ~ "^.*$">
order allow,deny
allow from all
deny from env=block
</Files>

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Hardware and OS Related Technologies / Linux, Unix, and *nix like Operating Systems
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved