|how to stop fake http requests with spoofed IPs?|
| 5:25 pm on Mar 22, 2007 (gmt 0)|
My box has been getting hit constantly by fake HTTP requests. I tracked it down, and it comes from one referrer, however it has different IPs.
I want to stop him doing that, but not sure why because I don't think iptables is the tool I want to use in that situation. (IPs are spoofed, and I can reject legitimate ones).
Any idea how to handle that?
| 7:14 am on Mar 25, 2007 (gmt 0)|
|it comes from one referrer, however it has different IPs. |
What makes you think the IP addresses are spoofed? They might be many different (real) machines that are being referred to your site by one page.
What kind of site is the referrer? Is there a link to your site on this page?
Is your site actually suffering from this - server load too high, response times poor, system crashing?
| 12:25 pm on Mar 29, 2007 (gmt 0)|
Thanks for the answer, Webdoctor.
Well, I run a service where people put my links on their websites. And some of my affiliates (actually just 2 guys) send tons of HTTP requests to me (hundreds a minute). I couldn't spot my link anywhere on their site. AND there's no referer (PHP's $_SERVER['HTTP_REFERER'] is empty).
That is why it makes me think these guys hit my box with fake requests.
How can I track it down? One suggested torrents might be used to do so. What can I do to find out if these are legitimate visitors, or not?
| 4:05 pm on Apr 14, 2007 (gmt 0)|
Here's the referer the guy is using:
If you go to <the site> - you will get redirected to adult sites.
The guy is killing my box with tons of requests a minute - these are not legitimate users.
Can anyone help?
[edited by: encyclo at 5:25 pm (utc) on April 14, 2007]
[edit reason] removed links to adult/virus-infected site [/edit]
| 6:41 pm on Apr 14, 2007 (gmt 0)|
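# Tag any request whose Referer starts with the unwanted site
SetEnvIfNoCase Referer ^http://example\.com block
<Files ~ "^.*$">
# Evaluate Allow first, then Deny, so the Deny below wins for tagged requests
Order Allow,Deny
Allow from all
Deny from env=block
</Files>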
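
Added example, not part of the thread: before enabling a Referer block like the one above, the access log can show whether one referrer really accounts for the load and how many client addresses sit behind it. The sketch assumes Apache's combined log format; the sample lines, the /link.php path and the threshold of 5 are constructed for illustration.

```python
import re
from collections import Counter, defaultdict
from urllib.parse import urlsplit

# Apache "combined" format: ip ident user [time] "request" status bytes "referer" "agent"
LINE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "[^"]*" \d{3} \S+ '
                  r'"(?P<ref>[^"]*)" "[^"]*"$')

def referer_host(ref):
    """Reduce a Referer value to its host; the header is client-controlled."""
    if ref in ("", "-"):  # Apache logs "-" when the header is absent
        return "(none)"
    try:
        return urlsplit(ref).hostname or "(unparsable)"
    except ValueError:  # e.g. malformed IPv6 brackets
        return "(unparsable)"

def summarize(lines):
    """Per referer host: total hits, distinct client IPs, busiest single minute."""
    ips, per_minute = defaultdict(set), defaultdict(Counter)
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue  # not a combined-format line
        host = referer_host(m.group("ref"))
        ips[host].add(m.group("ip"))
        per_minute[host][m.group("ts")[:17]] += 1  # key like "14/Apr/2007:16:05"
    return {h: {"hits": sum(c.values()), "ips": len(ips[h]),
                "peak_per_min": max(c.values())} for h, c in per_minute.items()}

def suspects(summary, peak_threshold):
    """Referer hosts whose busiest minute reaches the threshold."""
    return sorted(h for h, s in summary.items() if s["peak_per_min"] >= peak_threshold)

# Constructed sample lines (documentation IP ranges, made-up paths and agents)
SAMPLE = [
    f'192.0.2.{i} - - [14/Apr/2007:16:05:{i:02d} +0000] "GET /link.php HTTP/1.1" '
    f'200 512 "http://example.com/x" "Mozilla/4.0"' for i in range(1, 6)
] + [
    '198.51.100.7 - - [14/Apr/2007:16:05:30 +0000] "GET /link.php HTTP/1.1" '
    '200 512 "http://partner.example/page.html" "Mozilla/5.0"',
    '198.51.100.7 - - [14/Apr/2007:16:06:02 +0000] "GET / HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    report = summarize(SAMPLE)
    for host in suspects(report, peak_threshold=5):  # threshold is an assumption
        print(host, report[host])
```

Many distinct IPs behind one referrer host with a high per-minute peak matches what the thread describes. Since the Referer header is set by the client, treat it as a grouping key rather than proof of origin.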