Blocking bots/people at a server level

Forum Moderators: phranque

Message Too Old, No Replies

Blocking bots/people at a server level

jake66

9:11 am on Jan 31, 2008 (gmt 0)

I'm sure this has been addressed before, but I am not sure what key terms I'd use in my query to dig up old topics. If it's been answered before, please provide a link? :)

As of late I've been getting a lot of bots / blocked people returning (or attempting) to my site.

At present, I block everything via htaccess. To my knowledge, this is sufficient.. but I still see them trying their deeds in my error logs:

[Thu Jan 31 02:09:27 2008] [error] [client 220.x.x.x] client denied by server configuration:

Can they still cause harm to my server (ddos, or other things)?
If so, is it possible to completely disable them from accessing the server before the htaccess file even has a chance to execute?

At present, I am running Apache 1.3.39 with php5 and cpanel 11

jdMorgan

5:09 am on Feb 1, 2008 (gmt 0)

Some webmasters set up complicated error-logging scripts, or overly-long custom 403 error pages, and make themselves vulnerable to simple request-based DOS attacks by doing so. :)

The answer to stopping abuse before it gets to .htaccess is to stop in in httpd.conf -- Or better yet, stop it before requests even get to Apache. You can use iptables in linux to do this, or any number of hardware or software firewalls.

Jim

jake66

11:56 am on Feb 1, 2008 (gmt 0)

You can use iptables in linux

Is it safe for somebody with (very) limited Apache knowledge to tinker with this stuff?
...(is there an easy 'undo' button if something gets broke?)

jdMorgan

6:41 pm on Feb 1, 2008 (gmt 0)

The undo button is the backup of the files that you created before starting... ;)

Like a soldier or a fireman, you'll learn to live with the danger, and possibly get a thrill from it... :)

Jim