sundaridevi - 8:21 pm on Oct 24, 2010 (gmt 0)
Hi, I wrote to PM because what works would depend on the specific case. Well, I'm new here, so here is a short rundown on some things I would try:
- Some general fixes are to install the maxmind.com country GeoIP database and query it rather than using an .htaccess solution. The free database is about 95% effective at blocking a given country, but you can purchase a much more accurate database. Either one requires installation on your server, but if you know PHP/MySQL it's not too hard using their tutorials. If you don't want to install a DB, then you can install a script to remotely access their paid version, which returns the geolocation for a given IP, from country down to metropolitan areas in the USA; it also detects many known proxies.
- To get lots of different IPs, hackers must use botnets or proxies. Elite proxies are difficult to detect via environment vars, but many can be easily blocked that way. A simple Google search should give you a script to detect basic proxies, so all those should be blocked. Open proxies are also pretty easy to block.
- The last, most difficult, and most important thing to do to foil sophisticated hackers is to block botnets. Doing this is similar to the way email spam filters detect spammers: you'll need to query a database of known dirty IPs.
If the hackers are just coming from some rogue countries that you don't have any clients from, I would start out by just blocking those countries using MaxMind's free solution and then reevaluate. Fighting hackers is a never-ending battle.
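The three layers sundaridevi lists (country lookup, proxy-header check, known-dirty-IP lookup) fit together as a single request filter. The script below is an added example, not code from the post or from MaxMind; the CIDR-to-country table, the sample request environments and the "listed" DNSBL names are all constructed stand-ins so that it runs offline. In a real deployment `country_of` would call the MaxMind GeoIP database and `fake_resolver` would be replaced by an actual DNS A-record lookup against the blocklist zone you subscribe to; the zone name `dnsbl.example` is a placeholder, not a real list.

```python
"""Layered IP filter: country block, proxy-header check, dirty-IP lookup.

Added example. COUNTRY_TABLE, LISTED_NAMES and the sample environments are
constructed; swap in the MaxMind GeoIP DB and a live DNSBL for production.
"""
import ipaddress
from typing import Callable, Dict, Optional

# Constructed stand-in for a GeoIP country table (CIDR -> ISO country code).
# These are documentation ranges (RFC 5737), not real allocations.
COUNTRY_TABLE = {
    "203.0.113.0/24": "XX",   # treated here as a "rogue" country with no clients
    "198.51.100.0/24": "YY",  # treated as a country you do have clients from
    "192.0.2.0/24": "ZZ",
}
_NETWORKS = [(ipaddress.ip_network(c), cc) for c, cc in COUNTRY_TABLE.items()]

BLOCKED_COUNTRIES = {"XX"}

# CGI environment variable names that transparent and anonymous proxies add.
# Elite proxies strip all of these, so absence proves nothing; presence is a
# cheap and reliable block signal.
PROXY_HEADERS = (
    "HTTP_VIA",
    "HTTP_X_FORWARDED_FOR",
    "HTTP_FORWARDED",
    "HTTP_FORWARDED_FOR",
    "HTTP_X_FORWARDED",
    "HTTP_CLIENT_IP",
    "HTTP_PROXY_CONNECTION",
    "HTTP_XPROXY_CONNECTION",
)


def country_of(ip: str) -> Optional[str]:
    """Country code for ip from the table, or None when no range matches."""
    addr = ipaddress.ip_address(ip)
    for net, cc in _NETWORKS:
        if addr in net:
            return cc
    return None


def looks_like_proxy(environ: Dict[str, str]) -> bool:
    """True when any well-known proxy header is present in the request environment."""
    return any(h in environ for h in PROXY_HEADERS)


def dnsbl_name(ip: str, zone: str) -> str:
    """Reversed-octet query name used by DNS-based blocklists.

    192.0.2.7 checked against 'dnsbl.example' becomes '7.2.0.192.dnsbl.example';
    a listed IP resolves to an A record, an unlisted one returns NXDOMAIN.
    """
    addr = ipaddress.ip_address(ip)
    if addr.version != 4:
        raise ValueError("this helper handles IPv4 only")
    return ".".join(reversed(ip.split("."))) + "." + zone


def is_listed(ip: str, zone: str, resolver: Callable[[str], bool]) -> bool:
    """Ask `resolver` whether the DNSBL name exists; injected so it runs offline."""
    return resolver(dnsbl_name(ip, zone))


def decide(ip: str, environ: Dict[str, str], zone: str,
           resolver: Callable[[str], bool]) -> str:
    """Apply the checks cheapest-first; the first hit decides the request."""
    cc = country_of(ip)
    if cc in BLOCKED_COUNTRIES:
        return f"block:country:{cc}"
    if looks_like_proxy(environ):
        return "block:proxy-headers"
    if is_listed(ip, zone, resolver):
        return "block:dnsbl"
    return "allow"


# Constructed offline stand-in for a DNSBL: names that would "resolve".
LISTED_NAMES = {"7.2.0.192.dnsbl.example"}  # i.e. 192.0.2.7 is listed


def fake_resolver(name: str) -> bool:
    """Stand-in for a real DNS A lookup against the blocklist zone."""
    return name in LISTED_NAMES


if __name__ == "__main__":
    samples = [  # constructed requests: (client IP, CGI environment)
        ("203.0.113.5", {}),
        ("198.51.100.9", {"HTTP_VIA": "1.1 proxy.example"}),
        ("192.0.2.7", {}),
        ("192.0.2.8", {}),
    ]
    for ip, env in samples:
        print(ip, decide(ip, env, "dnsbl.example", fake_resolver))
```

The order matters for cost: the country table is a local lookup, the header check is free, and the DNSBL query is a network round trip, so it only runs for traffic that passed the first two. Note that the proxy-header check is applied only to countries you still accept, which is why the sample from 198.51.100.9 is blocked for its `HTTP_VIA` header rather than for its country.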